My S/MIME certicates stored on my Nitrokey Pro expired. Hence I tried to up update them to new ones - but I failed: Thunderbird is not able to locate any valid certificate for my email address.
I followed the instructions from the Nitrokey website:
pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key jksNew.p12 --format pkcs12 --auth-id 3 --verify-pin
Using reader with a card: Nitrokey Nitrokey Pro (00005C020000000000000000) 00 00
User PIN required.
Please enter User PIN [Admin PIN]:
Deleted 2 objects
Importing 4 certificates:
0: /C=DE/ST=XXXXX/L=XXXXX/O=XXXXX/SN=XXXX/GN=XXXX./CN=XXXXXX
1: /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
2: /C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2
3: /C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA
Failed to store private key: Non unique object ID
the error message is apparently to be expected
– repeat command for for --id 2.
–I am using the onepin-opensc-pkcs.so (but also tried the regular 2-pin one).
– When I try to select the S/MIME certificate in Thunderbird, I am prompted for my Nitrokey User PIN, but then I get the error message:
Certificate Manager can’t locate a valid certificate that can be used to digitally sign your messages with an address of xxx@xxx.xxx.
I have no idea where the problem could be, especially since I have used the exact same setup for several years. The certifcates work fine if I import them into the software security device, but they are not visible/installed on the hardware stick.
Nitroykey Pro with HW/FW Versions 2.1
OS: Linux Mint 20.3, Thunderbird Version: 91.5.0