On your application page:
https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:linux&a:vpn-access
The instructions mention:
openssl req -engine pkcs11 -sha256 -new -key id_3 -keyform engine -out -config <OPENSSL.CNF> -extensions usr_client
- The OPENSSL.CNF file: where can I find it or how can I create this? Any special instructions?
- -extensions usr_client: is this something from the CNF file? Only 30 hits on google
Omitting both does not work:
$ openssl req -engine pkcs11 -sha256 -new -key id_3 -keyform engine -out nitro_daan.csr
engine “pkcs11” set.
No private keys found.
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
140247808770496:error:80067065:pkcs11 > engine:ctx_load_privkey:object not found:eng_back.c:876:
140247808770496:error:26096080:engine
routines:ENGINE_load_private_key:failed loading private key:…/crypto/engine/eng_pkey.c:78:
unable to load Private Key
I’n on Ubuntu 18 with apt install opensc libopensc-openssl
I have not installed the NitroKey App because this pulls in Qt, X etc (doing this on a server/terminal only machine). Is the OPENSSL.CNF found there perhaps?