0
votes

I am using a smart card for authentication under Ubuntu 12.04.5 LTS. The smart card I use is a Gemalto v2 .net.

I followed the instructions listed here

To summarize my steps:

  1. First, I installed the necessary software and made sure pkcs11-tool can read/write the card OK.
  2. I configured PAM for sudo to use smart card authentication.
  3. I generated the self-signed certificate using the OpenSSL engine-pkcs11 plugin, then registered the certificate with Ubuntu; the key and certificate are written to the smart card.
  4. Finally, I executed the command: sudo -i

Then I am prompted to enter the smart card PIN code. After entering it, I get an error like:

DEBUG:cert_vfy.c:350: Adding hash dir '/etc/pam_pkcs11/cacerts' to CACERT checks
ERROR:pam_pkcs11.c:595: verify_certificate() failed: certificate is invalid: self signed certificate
ERROR:pam_pkcs11.c:658: no valid certificate which meets all requirements found
Error 2336: No matching certificate found

Does anybody know what the error means?

1 Answers

0
votes

When you write sudo -i, the user is root by default.

So, if you generated the signature for another user on your card, you must write this command:

# sudo -u TheUserName -i