[Pki-devel] Red Hat Certificate System - Token problem
Veale, Sean
sean.veale at gdc4s.com
Tue May 4 19:06:08 UTC 2010
Did they work previously and now don't?
In the tps CS.cfg I'd check to see if
op.xxx.xxx.xxx.update.symmeticKeys.enabled and if it is set to true, set
it to false.
Sean
-----Original Message-----
From: pki-devel-bounces at redhat.com [mailto:pki-devel-bounces at redhat.com]
On Behalf Of John Magne
Sent: Tuesday, May 04, 2010 2:32 PM
To: Carlos Franciosi
Cc: pki-devel at redhat.com
Subject: Re: [Pki-devel] Red Hat Certificate System - Token problem
Hello:
A couple of things you might want to try on these tokens that we have
not tested here:
1. In the /var/lib/pki-tps/CS.cfg there is an entry like this:
applet.aid.cardmgr_instance=blah
Perhaps for your cards, this value might be different? If it is, add it
there.
2. IN the /var/lib/pki-tks/CS.cfg there are lines that speak to the
default keyset like:
tks.defKeySet.auth_key=#40#41#42...
Perhaps with your keys, this may be different? I would not think so, but
it would be something to check.
----- Original Message -----
From: "Carlos Franciosi" <cfrancio at redhat.com>
To: pki-devel at redhat.com
Sent: Wednesday, April 7, 2010 8:40:16 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-devel] Red Hat Certificate System - Token problem
Hi,
I've been working in a RHCS project for a year and now we have some
problems with the format process of the tokens.
When we try to format the token with the ESC the following error
appears:
"Formatting of smart card failed. Error: The Smart Card Server cannot
upgrade the software on your smart card."
We are using the Gemalto "USB eSeal Token V2"
(http://www.gemalto.com/products/usb_eseal_token/). I've also tested the
RSA sid800 with the same results.
Note: These tokens support Global Platform and JavaCard standards !
I've also checked the /var/log/pki-tps/tps-error.log and I found the
following:
[2010-04-03 04:06:32] f39a83f0 RA_Processor::SelectApplet - Bad
Response
[2010-04-03 04:06:32] f39a83f0 RA_Processor::SelectApplet - Bad
Response
[2010-04-03 04:06:32] f39a83f0 RA_Processor::GetStatus - Bad Response
[2010-04-03 04:06:32] f39a83f0 RA_Processor::GetAppletVersion - Bad
Response
[2010-04-03 04:06:40] f39a83f0 RA_Processor::SelectApplet - Bad
Response
[2010-04-03 04:06:40] f39a83f0 RA_Processor::SetupSecureChannel -
Failed to create a secure channel - potentially due to an RA/TKS key
mismatch or differing RA/TKS key versions.
[2010-04-03 04:06:40] f39a83f0 RA_Processor::UpgradeApplet - channel
creation failure
[2010-04-03 04:06:40] f39a83f0 RA_Processor::SelectApplet - Bad
Response
Any help would be much appreciated.
Ing. Carlos Franciosi - RHCA / RHCDS
Regional Solution Architect
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list