RE: [Pki-users] error -12271 trying to ESC connect to TPS
Jack,
I am trying to setup the initial "phone home" configuration with the
intent to Format a blank token.
The ESC User guide (and the ESC) is indicating the initial Phone Hole
connection must be secured using https (e.g.
"https://smartcardserver.example.com:7888").
When connecting to the Admin services for all other PKI components (CA,
DRM, TKS and TPS) a client certificate is required to gain access. The
error message I observe when trying to connect with the ESC indicates a
client certificate is also expected in this case - but I haven't found
anything in the ESC Guide that documents this?
Ebbe
-----Original Message-----
From: Jack Magne [mailto:jmagne@redhat.com]
Sent: Monday, November 24, 2008 9:54 AM
To: Ebbe Hansen
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS
Ebbe:
Could you state exactly what operation you are trying to do with ESC
with respect to TPS.
Are you performing the "phone home" step or actually attempting an
enrollment?
The default case should not require client auth which appears to be the
case with your error.
thanks,
jack
Ebbe Hansen wrote:
I am not successful connecting the ESC (Smart Card Manager) client to
the TPS. I have configured TPS and ESC as documented in ESC Guide.
The error message says: "Could not establish an encrypted connection
because your certificate was rejected. Error -12271".
Looks like the ESC needs a user certificate and key to establish SSL
connection.
Not sure how the ESC can be configured to access a dedicated user
certificate & key? Can ESC detect and possibly use the TPS Admin
cert/key if running on same platform?
Ehansen @ SPYRUS Corp.
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users