[Pki-users] error -12271 trying to ESC connect to TPS

Jack Magne jmagne at redhat.com
Tue Nov 25 02:29:38 UTC 2008 

Ebbe:

Try this as your phone home URL.

https://smartcardserver.example.com:7888/cgi-bin/home.cgi

Also , you can try this with a browser and it should simply print out a 
simple XML file for you.

I will take a look at the doc and see how it can be improved.

Ebbe Hansen wrote:
> Jack,
>
> I am trying to setup the initial "phone home" configuration with the
> intent to Format a blank token.
> The ESC User guide (and the ESC) is indicating the initial Phone Hole
> connection must be secured using https (e.g.
> "https://smartcardserver.example.com:7888").
>
> When connecting to the Admin services for all other PKI components (CA,
> DRM, TKS and TPS) a client certificate is required to gain access. The
> error message I observe when trying to connect with the ESC indicates a
> client certificate is also expected in this case - but I haven't found
> anything in the ESC Guide that documents this?
>
> Ebbe
>
>
> -----Original Message-----
> From: Jack Magne [mailto:jmagne at redhat.com] 
> Sent: Monday, November 24, 2008 9:54 AM
> To: Ebbe Hansen
> Cc: pki-users at redhat.com
> Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS
>
> Ebbe:
>
> Could you state exactly what operation you are trying to do with ESC 
> with respect to TPS.
> Are you performing the "phone home" step or actually attempting an 
> enrollment?
> The default case should not require client auth which appears to be the 
> case with your error.
>
> thanks,
> jack
>
> Ebbe Hansen wrote:
>   
>> I am not successful connecting the ESC (Smart Card Manager) client to 
>> the TPS. I have configured TPS and ESC as documented in ESC Guide.
>>
>> The error message says: "Could not establish an encrypted connection 
>> because your certificate was rejected. Error -12271".
>>
>> Looks like the ESC needs a user certificate and key to establish SSL 
>> connection.
>>
>> Not sure how the ESC can be configured to access a dedicated user 
>> certificate & key? Can ESC detect and possibly use the TPS Admin 
>> cert/key if running on same platform?
>>
>> Ehansen @ SPYRUS Corp.
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>   
>>     
>
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-users/attachments/20081124/4309a618/attachment.bin>

More information about the Pki-users mailing list