Re: [Pki-users] error -12271 trying to ESC connect to TPS

Jack, I am trying to setup the initial "phone home" configuration with the intent to Format a blank token. The ESC User guide (and the ESC) is indicating the initial Phone Hole connection must be secured using https (e.g. "https://smartcardserver.example.com:7888"). When connecting to the Admin services for all other PKI components (CA, DRM, TKS and TPS) a client certificate is required to gain access. The error message I observe when trying to connect with the ESC indicates a client certificate is also expected in this case - but I haven't found anything in the ESC Guide that documents this? Ebbe -----Original Message----- From: Jack Magne [mailto:jmagne@redhat.com] Sent: Monday, November 24, 2008 9:54 AM To: Ebbe Hansen Cc: pki-users(a)redhat.com Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS Ebbe: Could you state exactly what operation you are trying to do with ESC with respect to TPS. Are you performing the "phone home" step or actually attempting an enrollment? The default case should not require client auth which appears to be the case with your error. thanks, jack Ebbe Hansen wrote: > I am not successful connecting the ESC (Smart Card Manager) client to > the TPS. I have configured TPS and ESC as documented in ESC Guide. > > The error message says: "Could not establish an encrypted connection > because your certificate was rejected. Error -12271". > > Looks like the ESC needs a user certificate and key to establish SSL > connection. > > Not sure how the ESC can be configured to access a dedicated user > certificate & key? Can ESC detect and possibly use the TPS Admin > cert/key if running on same platform? > > Ehansen @ SPYRUS Corp. > > > ------------------------------------------------------------------------ > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users > >