[strongSwan] Trouble configuring vpn connection to strongswan using smartcard

Nathan Hüsken nathan at wintercloud.de
Thu Jul 19 17:11:36 CEST 2018


Hey,

Thanks for the reply and help! I tried around a little more, everything seems fine.

* extract the subjectKeyIdentifier:

OK, I am trying to find out the subjectKeyIdentifier:

    > pkcs15-tool --read-certificate 3 > cert.pem
    > pki --keyid --in cert.pem --type x509

    subjectKeyIdentifier:      <id>

OK, so far so good.

* look for a public key having the certificate's subjectKeyIdentifier as ID

    > pkcs15-tool --read-public-key 3 > key.pem
    > pki --keyid --in key.pem --type pub

    subjectKeyIdentifier:      <id>

The ids match! So it should be fine!

* The certificate needs the TLS Client Auth Extended Key Usage flag.
I test this with:

    > openssl x509 -in cert.pem -text -noout
    ...
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
    ...

Thank you for the help!

Any other help on why this possibly does not work?

Nathan


[1] https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager#Smart-card-requirements

--

Dr. Nathan Hüsken
Cloud Developer
nathan at wintercloud.de
+49 151 703 478 84

wintercloud GmbH & Co. KG
Emil-Maier-Str. 16
69115 Heidelberg
wintercloud.de

Registered office of the limited partnership: Heidelberg, registration number of the limited partnership in the commercial register: AG Mannheim HRA 707268

General partner: junah GmbH, registered office of the general partner: Heidelberg, registration number of the general partner in the commercial register: AG Mannheim HRB 726538, managing directors of the general partner: Julian Wintermayr and Dr. Nathan Hüsken

VAT ID No.: DE815676705

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On 17 July 2018 11:01 AM, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Nathan,
>
> > - If I use smartcard, I get prompted for my pin but then it says in the
> >   logs:
> >
> > VPN connection: failed to connect: 'no usable smartcard certificate found.'
> >
> > This is unfortunately not very informative. I wonder: Does it not find
> > the certificate on the smartcard? Did I copy the wrong certificate?
>
> Did you read the requirements at [1]?
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager#Smart-card-requirements



