ben wrote:

> In my case both the attributes CKA_ID and CKA_LABEL are set to the same
> unique name regardless of whether the cert subject name is unique or not.
> For the corresponding private key the CKA_ID and CKA_LABEL attributes
> are also set to the same value as that of the CKA_ID and CKA_LABEL
> attributes of its cert.

> Can CKA_ID and CKA_LABEL be set to the same value or not?

Yes, they are separate spaces, so I think it doesn't matter if their
values match each other, or not, as long as each is unique within
its own space.

> From my log file I cannot see a reason of why the browser didn't pick
> up the selected private key.

Some questions:

a) When you see the dialog for choosing a certificate, do the names of
the certs that appear in that dialog bear the strings from your CKA_LABEL
attributes?

Do the names in that list start with the name of your token or slot?
e.g.  token name: cert label  ?

b) how many certs from your module appear in that list?

c) Does the browser then ask for the wrong key,
e.g. a key for a different cert in your token?
or does it fail to ask for any key from your module?

d) You're doing SSL client authentication.  What does the server see?
- no client auth at all?
- client auth with the wrong cert?
- client auth with the right cert but a bad signature?

-- 
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
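
An added example, not part of the original message: a Python check over a constructed attribute dump that applies the rule above (each CKA_ID and each CKA_LABEL unique within its own space) together with the cert-to-key pairing the poster describes. It assumes uniqueness is judged per object class, since a cert and its key share values on purpose; the object list and the function name `audit_token_objects` are hypothetical.

```python
from collections import defaultdict

# Constructed sample, as a token-dump tool might list object attributes.
# CKA_ID is a byte array and CKA_LABEL a string, so they are kept as
# bytes and str here: equal-looking values never collide across the two.
SAMPLE_OBJECTS = [
    {"class": "CKO_CERTIFICATE", "id": b"alice-2008", "label": "alice-2008"},
    {"class": "CKO_PRIVATE_KEY", "id": b"alice-2008", "label": "alice-2008"},
    {"class": "CKO_CERTIFICATE", "id": b"bob-2008", "label": "bob-2008"},
    {"class": "CKO_PRIVATE_KEY", "id": b"bob-2008", "label": "bob-2008"},
    # Defects planted for the demonstration:
    {"class": "CKO_CERTIFICATE", "id": b"bob-2008", "label": "bob-renewed"},
    {"class": "CKO_CERTIFICATE", "id": b"carol-2008", "label": "carol-2008"},
]


def audit_token_objects(objects):
    """Return findings as (problem, object class, attribute, value) tuples."""
    findings = []

    # 1. Uniqueness: count each value separately per class and per attribute.
    #    Assumption: "its own space" is read as per object class, because the
    #    cert and its private key deliberately carry the same ID and label.
    seen = defaultdict(int)
    for obj in objects:
        for attr in ("id", "label"):
            seen[(obj["class"], attr, obj[attr])] += 1
    for (cls, attr, value), count in seen.items():
        if count > 1:
            findings.append(("duplicate", cls, attr, value))

    # 2. Pairing: every cert should have a private key with the same CKA_ID.
    key_ids = {o["id"] for o in objects if o["class"] == "CKO_PRIVATE_KEY"}
    for obj in objects:
        if obj["class"] == "CKO_CERTIFICATE" and obj["id"] not in key_ids:
            findings.append(("no-private-key", obj["class"], "id", obj["id"]))

    return findings


if __name__ == "__main__":
    for finding in audit_token_objects(SAMPLE_OBJECTS):
        print(finding)
```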
