[Pki-users] error -12271 trying to ESC connect to TPS

[Ebbe Hansen]

Jack,

I am trying to setup the initial "phone home" configuration with the
intent to Format a blank token.
The ESC User guide (and the ESC) is indicating the initial Phone Hole
connection must be secured using https (e.g.
"https://smartcardserver.example.com:7888").

When connecting to the Admin services for all other PKI components (CA,
DRM, TKS and TPS) a client certificate is required to gain access. The
error message I observe when trying to connect with the ESC indicates a
client certificate is also expected in this case - but I haven't found
anything in the ESC Guide that documents this?

Ebbe


-----Original Message-----
From: Jack Magne [mailto:jmagne at redhat.com] 
Sent: Monday, November 24, 2008 9:54 AM
To: Ebbe Hansen
Cc: pki-users at redhat.com
Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS

Ebbe:

Could you state exactly what operation you are trying to do with ESC 
with respect to TPS.
Are you performing the "phone home" step or actually attempting an 
enrollment?
The default case should not require client auth which appears to be the 
case with your error.

thanks,
jack

Ebbe Hansen wrote:
>
> I am not successful connecting the ESC (Smart Card Manager) client to 
> the TPS. I have configured TPS and ESC as documented in ESC Guide.
>
> The error message says: "Could not establish an encrypted connection 
> because your certificate was rejected. Error -12271".
>
> Looks like the ESC needs a user certificate and key to establish SSL 
> connection.
>
> Not sure how the ESC can be configured to access a dedicated user 
> certificate & key? Can ESC detect and possibly use the TPS Admin 
> cert/key if running on same platform?
>
> Ehansen @ SPYRUS Corp.
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>