CentOS - Apr 2020 - firefox unable to load pkcs11 module

CentOS 7, In firefox -> privacy & security -> certificates ->
security
devices
i am trying to load the pkcs11 modules, but get the error  unable to load.

I am following the directions at
https://piv.idmanagement.gov/engineering/firefox/

I have installed opensc and openssl-pkcs11, which
contains /usr/lib64/openssl/engines/pkcs11.so
and am using that is the module

Has anybody here done that, and can offer advice?

Tony Schreiner

On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner <anthony.schreiner at
bc.edu>
wrote:
> CentOS 7, In firefox -> privacy & security -> certificates ->
security
> devices
> i am trying to load the pkcs11 modules, but get the error  unable to load.
>
> I am following the directions at
> https://piv.idmanagement.gov/engineering/firefox/
>
> I have installed opensc and openssl-pkcs11, which
> contains /usr/lib64/openssl/engines/pkcs11.so
> and am using that is the module
>
> Has anybody here done that, and can offer advice?
>
Answering myself, though not completely solved.

I should have instead been loading /usr/lib64/opensc-pksc11.so

Hi Tony,
Have you solved this problem yet?I took another approach and used CACkey which
supportsUS Government PIV cards including the CAC.? In my case I set it up on
Linux Mint but there is an rpm version of CACKey for 32 or 64 bit Centos.Here is
the process I went through.
- setup CAC card by following instructions on:
https://help.ubuntu.com/community/CommonAccessCard
sudo apt-get install libpcsclite1 pcscd pcsc-tools
- download CACkey from https://cackey.rkeene.org/fossil/index
sudo dpkg -i cackey_0.7.5-1_amd64.deb
The above command failed with:
"dpkg: error processing archive cackey_0.7.5-1_amd64.deb (--install):
?unable to create '/libcackey.so.dpkg-new' (while processing
'./usr/lib64/libcackey.so'): No such file or directory
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
?cackey_0.7.5-1_amd64.deb"

- as root I created the directory /usr/lib64 and ran the command again!!!!!!It
Worked!!!!!!!
- ran command pcsc_scan and it found my CAC
- had to manually install the DoD root certificates
- certificates were manually installed one at a time for both Thunderbird and
Firefox
It turned out to be much easier than I thought it would to get my PIV working on
a Linux machine.
Hope that helps.Ed


    On Thursday, April 2, 2020, 1:37:32 PM EDT, Tony Schreiner
<anthony.schreiner at bc.edu> wrote:
 
 On Thu, Apr 2, 2020 at 12:47 PM Tony Schreiner <anthony.schreiner at
bc.edu>
wrote:
> CentOS 7, In firefox -> privacy & security -> certificates ->
security
> devices
> i am trying to load the pkcs11 modules, but get the error? unable to load.
>
> I am following the directions at
> https://piv.idmanagement.gov/engineering/firefox/
>
> I have installed opensc and openssl-pkcs11, which
> contains /usr/lib64/openssl/engines/pkcs11.so
> and am using that is the module
>
> Has anybody here done that, and can offer advice?
>
Answering myself, though not completely solved.

I should have instead been loading /usr/lib64/opensc-pksc11.so
_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos