Can you please try to make the 1024 key work with the new version? Can you please provide the output of openvpn --show-pkcs11-ids? Can you please make sure you put the serialized id within single quotes ('xxxxx')? Can you please provide the OpenVPN log while in --verb 255?
Thanks.

On 4/30/09, Alvarez Calvo, Francisco Javier <si...@conselleriadefacenda.es> wrote:
> Hi Alon!
>
> Excuse my poor English.
>
> I have read many pages about pkcs11, but I decided to talk to you because
> I’m stuck. I will understand if you can’t help me.
>
> I work in a company that has an openvpn. Until now our cards had an
> encryption of 1024, but now the encryption is 2048. That wasn’t a problem at
> first, but now with the version 2.1rc4 it doesn’t work, so we decided to use
> a prior version like 2.1rc15, but the problem is that neither the
> pkcs11-slot-type nor the pkcs11-slot option exists.
>
> I’ve been trying to use the new version with the pkcs11-id option, but the
> serialized id is impossible to read (it’s something like Serialized id:
> FNMT\x2DRCM/\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x03/«ñ┴R\x60P\x16/FNMT\x2DRCM/827F0CAFE2…).
> The CA is an official organism here in Spain.
>
> Until now I have used the Subject from the token 1 (only one cert), with the
> name and the id Number of each user on it (like DN:
> /C=ES/O=FNMT/OU=FNMT Clase 2 CA/OU=701002933/CN=NOMBRE ALVAREZ CALVO JAVIER - NIF 33678735Y)
> but now and after reading many pages with your answers I
> haven’t got anything with the new version.
>
> I wonder about the possibility of using pkcs11-id-management, but I don’t
> understand the possibilities, and the use of the serialized-id mentioned
> required us to change all the CCD of the clients.
>
> This is the old configuration (2.1rc4) that doesn’t work with the new cards
> with a 2048-bit encryption. Most clients are Windows XP.
>
> client
> dev tun
> proto udp
> remote x.x.x.x 6996
> remote y.y.y.y 6996
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca caslinux.cer
> ns-cert-type server
> tls-auth talinux.key 1
> comp-lzo
> verb 3
>
> # Silence repeating messages
> ;mute 20
> pkcs11-providers c:\\windows\\system32\\cryptoki.dll
> pkcs11-slot-type label
> pkcs11-slot "FNMT"
> pkcs11-id-type subject
> pkcs11-id "/C=ES/O=FNMT/OU=FNMT Clase 2 CA/OU=500010113/CN=NOMBRE CASTRO MONTA\\xF1A GONZALO - NIF 35697032K"
> #route 10.232.20.0 255.255.255.0
>
> Many thanks and congratulations for your good job
>
> Regards
>
> ________________________________________________________
> Francisco Javier Álvarez Calvo
> Dpto. Unidade de Sistemas - Ext. 57559
> E-mail: si...@xuntaeco.es
> -------------------------------------------------------------------
> Cixtec
> Santiago de Compostela
> -------------------------------------------------------------------
> http://www.cixtec.es
> ________________________________________________________
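
Added example, not part of the original thread and not OpenVPN or pkcs11-helper code: a small decoder that makes a serialized id like the one quoted above readable, and emits the pkcs11-id line with the id inside single quotes as the reply asks. The field order (manufacturer/model/serial/label/hex id) and the \xHH escaping are assumptions read off the sample in the thread; the function names and SAMPLE value are constructed for illustration.

```python
import re

# Assumed layout, read off the sample quoted in this thread:
#   manufacturer/model/serial/label/hex-id, odd bytes written as \xHH
FIELDS = ("manufacturer", "model", "serial", "label")
_ESC = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def unescape(field: str) -> bytes:
    """Turn \\xHH escapes back into raw bytes; everything else passes through."""
    return _ESC.sub(lambda m: bytes([int(m.group(1), 16)]), field.encode("utf-8"))


def parse_serialized_id(sid: str) -> dict:
    """Split a serialized id into readable token fields plus the object id."""
    parts = sid.split("/")
    if len(parts) != len(FIELDS) + 1:
        raise ValueError(f"expected {len(FIELDS) + 1} '/'-separated fields, got {len(parts)}")
    # PKCS#11 token info text fields are space padded; drop the padding.
    out = {name: unescape(raw).strip(b" ") for name, raw in zip(FIELDS, parts)}
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", parts[-1]):
        raise ValueError("last field is not a hex-encoded id")
    out["id"] = bytes.fromhex(parts[-1])
    return out


def config_line(sid: str) -> str:
    """Build the pkcs11-id directive with the id inside single quotes."""
    parse_serialized_id(sid)  # refuse malformed ids before they reach a config
    if "'" in sid or "\n" in sid:
        raise ValueError("id cannot be wrapped in single quotes as-is")
    return f"pkcs11-id '{sid}'"


# Constructed sample (not a real token): same shape as the id in the thread.
SAMPLE = r"FNMT\x2DRCM/\x20\x20\x20\x03/0123456789ABCDEF/FNMT\x2DRCM/0A1B2C3D"

if __name__ == "__main__":
    for key, value in parse_serialized_id(SAMPLE).items():
        print(f"{key:12} {value!r}")
    print(config_line(SAMPLE))
```

The single quotes matter because the id is full of backslashes, and OpenVPN's config parser treats a backslash as an escape character everywhere except inside single quotes.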