[Pki-users] error -12271 trying to ESC connect to TPS
Jack Magne
jmagne at redhat.com
Tue Nov 25 02:29:38 UTC 2008
Ebbe:
Try this as your phone home URL.
https://smartcardserver.example.com:7888/cgi-bin/home.cgi
Also , you can try this with a browser and it should simply print out a
simple XML file for you.
I will take a look at the doc and see how it can be improved.
Ebbe Hansen wrote:
> Jack,
>
> I am trying to setup the initial "phone home" configuration with the
> intent to Format a blank token.
> The ESC User guide (and the ESC) is indicating the initial Phone Hole
> connection must be secured using https (e.g.
> "https://smartcardserver.example.com:7888").
>
> When connecting to the Admin services for all other PKI components (CA,
> DRM, TKS and TPS) a client certificate is required to gain access. The
> error message I observe when trying to connect with the ESC indicates a
> client certificate is also expected in this case - but I haven't found
> anything in the ESC Guide that documents this?
>
> Ebbe
>
>
> -----Original Message-----
> From: Jack Magne [mailto:jmagne at redhat.com]
> Sent: Monday, November 24, 2008 9:54 AM
> To: Ebbe Hansen
> Cc: pki-users at redhat.com
> Subject: Re: [Pki-users] error -12271 trying to ESC connect to TPS
>
> Ebbe:
>
> Could you state exactly what operation you are trying to do with ESC
> with respect to TPS.
> Are you performing the "phone home" step or actually attempting an
> enrollment?
> The default case should not require client auth which appears to be the
> case with your error.
>
> thanks,
> jack
>
> Ebbe Hansen wrote:
>
>> I am not successful connecting the ESC (Smart Card Manager) client to
>> the TPS. I have configured TPS and ESC as documented in ESC Guide.
>>
>> The error message says: "Could not establish an encrypted connection
>> because your certificate was rejected. Error -12271".
>>
>> Looks like the ESC needs a user certificate and key to establish SSL
>> connection.
>>
>> Not sure how the ESC can be configured to access a dedicated user
>> certificate & key? Can ESC detect and possibly use the TPS Admin
>> cert/key if running on same platform?
>>
>> Ehansen @ SPYRUS Corp.
>>
>>
>>
> ------------------------------------------------------------------------
>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pki-users/attachments/20081124/4309a618/attachment.bin>
More information about the Pki-users
mailing list