SEARCH

The How-To Geek Forums Have Migrated to Discourse



Join the Discussion at discuss.howtogeek.com

How-To Geek Forums / Linux

(Solved) - Aladdin eToken PRO

(11 posts)
  • Started 6 months ago by ttoomema
  • Latest reply from ttoomema
  • Topic Viewed 946 times

  • View Accepted Answer
  • Remove Solved Status
ttoomema
Posts: 11

Hello

Software: SafeNet Authentication Client 8.1 SP1
Distribution: Ubuntu 12.04
Product: Aladdin eToken PRO

Problem: Unable to use certificate for digital stamping

What i've tried to do:

1) Modified OpenSSL conf file:

[ v3_req ]
# Extensions to add to a certificate request
keyUsage = digitalSignature

2) Used OpenSSL to generate certificate request
- openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key;

3) Generated self-signed certificate;

4) Converted .Key and .CRT to .p12;

5) Imported .p12 to eToken;

Everything does seem to be working well but since Safenet Authentication Client says that certificate usage is AT_KEYEXCHANGE (although key usage is digital signature and certificate key usage nonrepudiation), then i am not able to use my eToken for digital stamping.

Is there any option to:

1) Generate .CSR and same time load private key straight to eToken;
2) Generate .CRT of .CSR;
3) Use eToken for it's purpose;

Help is really appreciated.

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

Okay, 2 illustrating pictures.

This is how i want it to be:

This is how it does look like after i've done through steps mentioned on 1st post:

Posted 6 months ago #
Top
 
vistamike
vistamike
Posts: 10945

I think you need to refer to the manufacturer, this device is unknown here.

http://uk.safenet-inc.com/prod.....token-pro/

http://uk.safenet-inc.com/technical-support/

Mike

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

Been there, done that. Got a reply which did not help me:

----

Dear Customer,

Thanks for contacting SafeNet Support.

We are unable to find any records with your email-id. It seems that you have purchased this product from a vendor. In such a case the support can only be channelized by your vendor.
Kindly contact him for the same. If the product has been purchased from us, kindly provide the product details which you brought from us mentioning its Sales Order No & Purchase Order No.

Your reply will be appreciated.

Posted 6 months ago #
Top
 
vistamike
vistamike
Posts: 10945

You say you modified the OpenSSL conf file.

Have you gone back to default and then start again.

Another option is to return to vendor.

As I said above, this device is unknown to us therefore any config information is useless.

Mike

Posted 6 months ago #
Top
 
LadyFitzgerald
Posts: 2232

If that is the kind of support the manufacturer offers, I would return it.

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

Thank you for reply, Mike.

Okay, but if we do forget about the product and concentrate on openssl.

This .CSR (made with utility) worked fine:

and this does not work:

Posted 6 months ago #
Top
 
vistamike
vistamike
Posts: 10945

ttoomema, your request is surely altered?

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

Yes, it is. One request was made in browser by local certificate authority csr generator and 2nd was made by openssl.

Subject field data (Certificate data) is not important. Private key data is important and i must be doing something wrong or there's something wrong in openssl conf.

*ill google a bit more, though tried everything*

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

my bad. it .csr should look like this :)

ill try out. will tell how its going to work out.

Posted 6 months ago #
Top
 
ttoomema
Posts: 11

ah forget it. i would be thankful if you removed my thread.

pkcs11-tool --module /usr/lib/libeTPkcs11.so -k --key-type rsa:2408 -l --id 45 --label NEW

works fine.

Accepted Answer · Posted 6 months ago #
Top
 



Topic Closed

This topic has been closed to new replies. Please create a new topic instead.


Create New Topic Return to Forum