|
|
> On 1/13/07, Dave <dev@xxxxxxxxxxxxxx> wrote:
> > Folks;
> >
> > I have a configuration that works with certificate files,
> but for some
> > reason does not when the crt and key are imported onto a token. In
> > that scenario, after entering the PIN, the connection fails at:
> >
> > TLS Error: TLS key negotiation failed to occur within 60 seconds
> >
> > This is the only cert/key on the token, so surely it is
> selecting the
> > correct one. Is there any known or obvious caveats in
> using tokens?
> > That can cause the TLS negotiation problems?
>
> Hello,
>
> Which token do you use?
> Which middleware? What version?
> How did you imported the key and certificate into the token?
> Can you please run openvpn --verb 7 reproduce and send the log?
>
> Regards,
> Alon Bar-Lev.
>
Token used: BesToken
Middleware: shipped with the BesToken SDK; bt_csp11.dll
Version: I think the following which was output from one of it's samples
might have the info you are requesting:
Get cryptoki library information
Cryptoki informations:
CryptokiVersion.major = 2
CryptokiVersion.minor = 11
LibraryVersion.major = 1
LibraryVersion.minor = 20
Flags = 0x00000000
LibraryDescription = BESTOKEN PKCS#11 Library.
ManufacturerID = BestBuy Deluxe Co., Ltd.
How Imported: the certificate and key were imported via a tool that came
with the device, called the 'Token Manager' (bt_mgr.exe)
Here's the portion of the client config that I am using instead of cert and
key:
pkcs11-providers bt_csp11.dll
pkcs11-slot-type "label"
pkcs11-slot "DavidLemley"
pkcs11-id-type label
pkcs11-id "dev@xxxxxxxxxxxxxx'sWFCa1 ID"
I sent the log to you in a separate email because it is so long, and I
didn't know which section would be of interest to the list in general.
-Dave
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|