Yo guys,
trying to get my new Nitrokey 3C to work with the Windows native VPN client authenticating against strongSwan using EAP-TLS.
Everything's working fine using certs from the local Windows cert store, but while generating a key / CSR on the NK3, signing it and loading the cert to the NK using nitropy seems to work fine, the Windows native VPN client doesn't seem to be able to read the certificate off of it. It's blinking green when I try to connect to the VPN server, but then it throws an error telling me there are no certs on my client to provide the server.
```
# generating privkey / csr
.\nitropy-v0.7.3-x64-windows-binary.exe nk3 piv --experimental generate-key --key 9A --algo rsa2048 --subject-name "nitrokey" --domain-component "nitrokey" --path C:\tmp\nitrokey.pem --pin 123456
# signed it using my ca
# loading the signed cert
.\nitropy-v0.7.3-x64-windows-binary.exe nk3 piv --experimental write-certificate --format PEM --path C:\tmp\nitrokey.crt
```
What I tried:
- installing OpenSC
- regenerating the privkey / CSR and re-signing it (hoping I did something wrong before)
What I want to try but don't know if it's possible: generate and sign a certificate using my CA directly and load it, including the privkey, onto the NK3. Is that possible?
Also wanted to reset the whole thing and try again, but sadly this happens when I do:
```
.\nitropy-v0.7.3-x64-windows-binary.exe nk3 piv --experimental factory-reset
Command line tool to interact with Nitrokey devices 0.7.3
Nitrokey CCID/ICCD Interface 0
Critical error:
An unhandled exception occurred
Exception encountered: StatusError(27013)
```
Hope you guys have an idea on how to troubleshoot/fix this.
EDIT: OK, it seems Chrome and Edge can't read the cert off of the Nitrokey either. Tested with some websites that support PIV/cert login. I seem to be doing something wrong…