CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module
Has anybody here done that, and can offer advice?
Tony Schreiner
On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner anthony.schreiner@bc.edu wrote:
CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module
Has anybody here done that, and can offer advice?
Answering myself, though not completely solved.
I should have instead been loading /usr/lib64/opensc-pksc11.so
Hi Tony, Have you solved this problem yet?I took another approach and used CACkey which supportsUS Government PIV cards including the CAC. In my case I set it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit Centos.Here is the process I went through. - setup CAC card by following instructions on: https://help.ubuntu.com/community/CommonAccessCard sudo apt-get install libpcsclite1 pcscd pcsc-tools - download CACkey from https://cackey.rkeene.org/fossil/index sudo dpkg -i cackey_0.7.5-1_amd64.deb The above command failed with: "dpkg: error processing archive cackey_0.7.5-1_amd64.deb (--install): unable to create '/libcackey.so.dpkg-new' (while processing './usr/lib64/libcackey.so'): No such file or directory dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: cackey_0.7.5-1_amd64.deb"
- as root I created the directory /usr/lib64 and ran the command again!!!!!!It Worked!!!!!!! - ran command pcsc_scan and it found my CAC - had to manually install the DoD root certificates - certificates were manually installed one at a time for both Thunderbird and Firefox It turned out to be much easier than I thought it would to get my PIV working on a Linux machine. Hope that helps.Ed
On Thursday, April 2, 2020, 1:37:32 PM EDT, Tony Schreiner anthony.schreiner@bc.edu wrote:
On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner anthony.schreiner@bc.edu wrote:
CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module
Has anybody here done that, and can offer advice?
Answering myself, though not completely solved.
I should have instead been loading /usr/lib64/opensc-pksc11.so _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Sun, Apr 5, 2020 at 4:27 PM nschehovin--- via CentOS centos@centos.org wrote:
Hi Tony, Have you solved this problem yet?I took another approach and used CACkey which supportsUS Government PIV cards including the CAC. In my case I set it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit Centos.Here is the process I went through.
- setup CAC card by following instructions on:
https://help.ubuntu.com/community/CommonAccessCard sudo apt-get install libpcsclite1 pcscd pcsc-tools
- download CACkey from https://cackey.rkeene.org/fossil/index
sudo dpkg -i cackey_0.7.5-1_amd64.deb The above command failed with: "dpkg: error processing archive cackey_0.7.5-1_amd64.deb (--install): unable to create '/libcackey.so.dpkg-new' (while processing './usr/lib64/libcackey.so'): No such file or directory dpkg-deb: error: paste subprocess was killed by signal (Broken pipe) Errors were encountered while processing: cackey_0.7.5-1_amd64.deb"
- as root I created the directory /usr/lib64 and ran the command
again!!!!!!It Worked!!!!!!!
- ran command pcsc_scan and it found my CAC
- had to manually install the DoD root certificates
- certificates were manually installed one at a time for both Thunderbird
and Firefox It turned out to be much easier than I thought it would to get my PIV working on a Linux machine. Hope that helps.Ed
On Thursday, April 2, 2020, 1:37:32 PM EDT, Tony Schreiner <anthony.schreiner@bc.edu> wrote:
On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner anthony.schreiner@bc.edu wrote:
CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to
load.
I am following the directions at https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module
Has anybody here done that, and can offer advice?
Answering myself, though not completely solved.
I should have instead been loading /usr/lib64/opensc-pksc11.so _______________________________________________
I was advising someone at a remote site, so didn't see the full experience. But once I provided the correct path for the module, he was able to load it and complete the authentication. Sorry I don't have more details.
But thanks for the info, I'll save it. Tony
-
nschehovin@yahoo.com -
Tony Schreiner