Hey, Thanks for the reply and help! I tried around a little more, everything seems fine.
* extract the subjectKeyIdentifier: OK, I am trying to find out the subjectKeyIdentifier: > pkcs15-tool --read-certificate 3 > cert.pem > pki --keyid --in cert.pem --type x509 subjectKeyIdentifier: <id> OK, so far so good. * look for a public key having the certificates subjectKeyIdentifier as ID > pkcs15-tool --read-public-key 3 > key.pem > pki --keyid --in key.pem --type pub subjectKeyIdentifier: <id> The ids match! So it should be fine! * The certificate needs the TLS CLient Auth Extended Key usage flag. I test this with: > openssl x509 -in cert.pem -text -noout ... X509v3 Extended Key Usage: TLS Web Client Authentication ... Thank you for the help! Any other help on why this does possibly not work? Nathan [1] https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager#Smart-card-requirements -- Dr. Nathan Hüsken Cloud Developer nat...@wintercloud.de +49 151 703 478 84 wintercloud GmbH & Co. KG Emil-Maier-Str. 16 69115 Heidelberg wintercloud.de Sitz der Kommanditgesellschaft: Heidelberg, Registernummer der Kommanditgesellschaft im Handelsregister: AG Mannheim HRA 707268 Komplementärin: junah GmbH, Sitz der Komplementärin: Heidelberg, Registernummer der Komplementärin im Handelsregister: AG Mannheim HRB 726538, Geschäftsführer der Komplementärin: Julian Wintermayr und Dr. Nathan Hüsken USt-IdNr.: DE815676705 ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 17 July 2018 11:01 AM, Tobias Brunner <tob...@strongswan.org> wrote: > > > Hi Nathan, > > > - If I use smartcard, I get prompted for my pin but then it says in the > > > > logs: > > > > > > VPN connection: failed to connect: 'no usable smartcard certificate > > > > found.' > > > > This is unfortunately not very informative. I wonder: Does it not find > > > > the certificate on the smartcard? Did I copy the wrong certificate? > > Did you read the requirements at [1]? > > Regards, > > Tobias > > [1] > > https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager#Smart-card-requirements