Cannot get certificate 'x509-27000000-02' from provider #221
Comments
It occurs because Fortify cannot get the certificate value from your token. Yubikey PKCS#11 library throws Looks like you've got this error https://github.com/Yubico/yubico-piv-tool/blob/f794d023920dca658a34a918439040dfd1bdefc2/ykcs11/objects.c#L526
Jeffrey, are other tools able to get the certificate?
Yes, Yubikey PIV manager can load and display the certificate. I can also view it in Windows.
They are likely not using PKCS11 and instead using (in the first case) their proprietary API and in the second case the CSP or MD. Maybe on Windows we should rely on CSP/MD. The Yubikey P11 is notoriously bad.
When trying to load the "Tools" page of Fortify, one of my certificates stored on my Yubikey (tested on Yubikey 4 and 5) does not show up. Looking in Chrome dev tools, the error is reported as:
Checking the logs, it appears the issue traces back to webcrypto:
{"message":"Server: Initialize secure session origin:https://tools.fortifyapp.com id:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 authorized:true","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 server/isLoggedIn","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider/action/info","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider/action/getCrypto","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:314b7e9218b494301e255ed92a58d65dc3aaaa8b crypto/isLoggedIn","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider/action/getCrypto","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:a7370eae6951997646c5bfedf8f3df0d8b8b698d crypto/isLoggedIn","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider/action/getCrypto","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:0bbb1473a9c09487d6bca1506a5865b14bdd061f1661c10b29b61ae35d3af469 crypto/isLoggedIn","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider/action/getCrypto","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:0bbb1473a9c09487d6bca1506a5865b14bdd061f1661c10b29b61ae35d3af469 crypto/isLoggedIn","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:0bbb1473a9c09487d6bca1506a5865b14bdd061f1661c10b29b61ae35d3af469 crypto/keyStorage/keys","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:0bbb1473a9c09487d6bca1506a5865b14bdd061f1661c10b29b61ae35d3af469 crypto/certificateStorage/keys","level":"info"}
{"message":"Server: session:d59dece1a556417b4094ed2a8d61a4e15ee88cc9135a69da96986624982b2dc4 provider:0bbb1473a9c09487d6bca1506a5865b14bdd061f1661c10b29b61ae35d3af469 crypto/certificateStorage/getItem","level":"info"}
{"message":"Error: CKR_FUNCTION_FAILED:6\n at Error (native) PKCS11::C_GetAttributeValue:447\n at X509Certificate.getAttribute (C:\Program Files\Fortify\resources\app.asar\node_modules\graphene-pk11\build\object.js:52:25)\n at X509Certificate.get (C:\Program Files\Fortify\resources\app.asar\node_modules\graphene-pk11\build\object.js:70:21)\n at X509Certificate.get value [as value] (C:\Program Files\Fortify\resources\app.asar\node_modules\graphene-pk11\build\objects\certs\x509.js:37:21)\n at X509Certificate.get value [as value] (C:\Program Files\Fortify\resources\app.asar\node_modules\node-webcrypto-p11\build\cert.js:132:46)\n at X509Certificate.getData (C:\Program Files\Fortify\resources\app.asar\node_modules\node-webcrypto-p11\build\cert.js:209:29)\n at X509Certificate.get serialNumber [as serialNumber] (C:\Program Files\Fortify\resources\app.asar\node_modules\node-webcrypto-p11\build\cert.js:117:33)\n at ServiceCryptoItem.toX509Proto (C:\Program Files\Fortify\resources\app.asar\node_modules\@webcrypto-local\server\build\index.js:1086:39)\n at ServiceCryptoItem.toProto (C:\Program Files\Fortify\resources\app.asar\node_modules\@webcrypto-local\server\build\index.js:1111:29)\n at CertificateStorageService.onMessage (C:\Program Files\Fortify\resources\app.asar\node_modules\@webcrypto-local\server\build\index.js:2271:56)\n at processTicksAndRejections (internal/process/task_queues.js:86:5)","level":"error"}
I have attached the certificate in question.
certnew.zip
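A triage sketch for log output like the one quoted in this issue, added here as an example (not code from Fortify or from anyone in the thread): it pairs each error entry with the last provider action logged before it and extracts the PKCS#11 return value, the failing function and the Node modules in the stack. The session and provider ids in the sample are constructed placeholders, and the error line is abridged from the one above, unescaped backslashes included, which is why the parser has a non-JSON fallback.

```javascript
// Added example. Session/provider ids are constructed placeholders; the error
// entry is abridged from the issue's log, unescaped backslashes included.
const SAMPLE_LOG = [
  String.raw`{"message":"Server: session:SESSION-1 provider/action/getCrypto","level":"info"}`,
  String.raw`{"message":"Server: session:SESSION-1 provider:PROVIDER-A crypto/certificateStorage/keys","level":"info"}`,
  String.raw`{"message":"Server: session:SESSION-1 provider:PROVIDER-A crypto/certificateStorage/getItem","level":"info"}`,
  String.raw`{"message":"Error: CKR_FUNCTION_FAILED:6\n at Error (native) PKCS11::C_GetAttributeValue:447\n at X509Certificate.getAttribute (C:\Program Files\Fortify\resources\app.asar\node_modules\graphene-pk11\build\object.js:52:25)\n at ServiceCryptoItem.toX509Proto (C:\Program Files\Fortify\resources\app.asar\node_modules\@webcrypto-local\server\build\index.js:1086:39)","level":"error"}`,
].join('\n');

// Parse one log line. Lines pasted with single backslashes in Windows paths
// are not valid JSON, so fall back to scanning the raw text for the level.
function parseEntry(line) {
  try {
    const e = JSON.parse(line);
    return { level: e.level, message: String(e.message) };
  } catch {
    const level = (/"level":"(\w+)"/.exec(line) || [])[1];
    return level ? { level, message: line } : null; // null: not a log entry
  }
}

// Heuristic: an error entry belongs to the most recent provider action
// logged before it (the error entries themselves carry no session id).
function triage(logText) {
  const findings = [];
  let last = null;
  for (const line of logText.split(/\r?\n/)) {
    const entry = parseEntry(line);
    if (!entry) continue;
    const act = /session:(\S+) provider:(\S+) (\S+)/.exec(entry.message);
    if (act) last = { session: act[1], provider: act[2], action: act[3] };
    if (entry.level !== 'error') continue;
    const rv = /(CKR_[A-Z_]+):(\d+)/.exec(entry.message);
    const fn = /PKCS11::(C_\w+)/.exec(entry.message);
    // Package names from stack frames, scoped (@scope/name) or plain.
    const frames = entry.message.matchAll(/node_modules[\\\/]+((?:@[\w.-]+[\\\/]+)?[\w.-]+)/g);
    const modules = [...new Set([...frames].map((m) => m[1].replace(/\\+/g, '/')))];
    findings.push({ ...last, rv: rv && rv[1], code: rv && Number(rv[2]), fn: fn && fn[1], modules });
  }
  return findings;
}

console.log(triage(SAMPLE_LOG));
```
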