[Pki-users] error -12271 trying to ESC connect to TPS

Ebbe Hansen ehansen at spyrus.com
Tue Nov 25 17:46:34 UTC 2008


Jack,

In my configuration the URL actually is:
https://redhat4.spyrus.com:7889/cgi-bin/home/index.cgi

After clicking the "Test URL" button on the ESC (Smart Card Manager) I
observe the error:

"Could not establish an encrypted connection because your certificate was
rejected by Redhat4.spyrus.com. Error Code: -12271"


When accessing the TPS with a browser I receive the following display:

<?xml version="1.0" encoding="UTF-8" ?>
<ServiceInfo>
  <IssuerName>Spyrus, Inc.</IssuerName>
  <Services>
    <Operation>https://redhat4.spyrus.com:7889/cgi-bin/home/index.cgi</Operation>
    <UI>https://redhat4.spyrus.com:7889/cgi-bin/home/enroll.cgi</UI>
    <EnrolledTokenBrowserURL>http://www.spyrus.com</EnrolledTokenBrowserURL>
    <EnrolledTokenURL />
    <TokenType>userKey</TokenType>
  </Services>
</ServiceInfo>


Ebbe

-----Original Message-----
From: Jack Magne [mailto:jmagne at redhat.com] 
Sent: Monday, November 24, 2008 6:30 PM
To: Ebbe Hansen
Cc: pki-users at redhat.com
Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS

Ebbe:

Try this as your phone home URL.

https://smartcardserver.example.com:7888/cgi-bin/home.cgi

Also, you can try this with a browser and it should simply print out a
simple XML file for you.

I will take a look at the doc and see how it can be improved.

Ebbe Hansen wrote:
> Jack,
>
> I am trying to setup the initial "phone home" configuration with the
> intent to Format a blank token.
> The ESC User guide (and the ESC) is indicating the initial Phone Home
> connection must be secured using https (e.g.
> "https://smartcardserver.example.com:7888").
>
> When connecting to the Admin services for all other PKI components (CA,
> DRM, TKS and TPS) a client certificate is required to gain access. The
> error message I observe when trying to connect with the ESC indicates a
> client certificate is also expected in this case - but I haven't found
> anything in the ESC Guide that documents this?
>
> Ebbe
>
>
> -----Original Message-----
> From: Jack Magne [mailto:jmagne at redhat.com] 
> Sent: Monday, November 24, 2008 9:54 AM
> To: Ebbe Hansen
> Cc: pki-users at redhat.com
> Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS
>
> Ebbe:
>
> Could you state exactly what operation you are trying to do with ESC 
> with respect to TPS.
> Are you performing the "phone home" step or actually attempting an 
> enrollment?
> The default case should not require client auth which appears to be the
> case with your error.
>
> thanks,
> jack
>
> Ebbe Hansen wrote:
>   
>> I am not successful connecting the ESC (Smart Card Manager) client to
>> the TPS. I have configured TPS and ESC as documented in ESC Guide.
>>
>> The error message says: "Could not establish an encrypted connection 
>> because your certificate was rejected. Error -12271".
>>
>> Looks like the ESC needs a user certificate and key to establish SSL 
>> connection.
>>
>> Not sure how the ESC can be configured to access a dedicated user 
>> certificate & key? Can ESC detect and possibly use the TPS Admin 
>> cert/key if running on same platform?
>>
>> Ehansen @ SPYRUS Corp.