I am attempting to transition our existing environment of signed Digicert certificates from RSA-4096 to ECC256. The digicert one signing process appears to work. When using a software-emulated TPM, the connection is succesful.
When I try hardware tpm(3 laptops) I encounter the folowing problem ERROR: Esys_Sign: tpm:parameter(1):structure is the wrong size SSL connection failure: PKCS #11 error. I have tried generating the csr to be signed using both tpm2-openssl and pkcs11-provider, same result. Maybe the following gives a clue. Any ideas? (openconnect with --gnutls-debug=99 -v) https://pastebin.com/d2gT4t6q _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
