[Pki-devel] Red Hat Certificate System - Token problem

John Magne jmagne at redhat.com
Tue May 4 18:32:05 UTC 2010 

Hello:

A couple of things you might want to try on these tokens that we have not tested here:

1. In the /var/lib/pki-tps/CS.cfg there is an entry like this:

applet.aid.cardmgr_instance=blah

Perhaps for your cards, this value might be different? If it is, add it there.

2. IN the /var/lib/pki-tks/CS.cfg there are lines that speak to the default keyset like:

tks.defKeySet.auth_key=#40#41#42...


Perhaps with your keys, this may be different? I would not think so, but it would be something to check.


----- Original Message -----
From: "Carlos Franciosi" <cfrancio at redhat.com>
To: pki-devel at redhat.com
Sent: Wednesday, April 7, 2010 8:40:16 AM GMT -08:00 US/Canada Pacific
Subject: [Pki-devel] Red Hat Certificate System - Token problem

Hi,
I've been working in a RHCS project for a year and now we have some problems with the format process of the tokens.

When we try to format the token with the ESC the following error appears:
"Formatting of smart card failed. Error:  The Smart Card Server cannot upgrade the software on your smart card."

We are using the Gemalto "USB eSeal Token V2" (http://www.gemalto.com/products/usb_eseal_token/). I've also tested the RSA sid800 with the same results.

Note: These tokens support Global Platform and JavaCard standards !
 
I've also checked the /var/log/pki-tps/tps-error.log and I found the following:
 
 [2010-04-03 04:06:32] f39a83f0 RA_Processor::SelectApplet - Bad Response
 [2010-04-03 04:06:32] f39a83f0 RA_Processor::SelectApplet - Bad Response
 [2010-04-03 04:06:32] f39a83f0 RA_Processor::GetStatus - Bad Response
 [2010-04-03 04:06:32] f39a83f0 RA_Processor::GetAppletVersion - Bad Response
 [2010-04-03 04:06:40] f39a83f0 RA_Processor::SelectApplet - Bad Response
 [2010-04-03 04:06:40] f39a83f0 RA_Processor::SetupSecureChannel - Failed to create a secure channel - potentially due to an RA/TKS key mismatch or differing RA/TKS key versions.
 [2010-04-03 04:06:40] f39a83f0 RA_Processor::UpgradeApplet - channel creation failure
 [2010-04-03 04:06:40] f39a83f0 RA_Processor::SelectApplet - Bad Response
 
Any help would be much appreciated.

Ing. Carlos Franciosi - RHCA / RHCDS
Regional Solution Architect

_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list