OpenSSL: error:C506D064:microsoft cryptoapi:NCryptSignHash:This smart card does not support the requested feature.
Posted: Tue Mar 02, 2021 9:40 pm
Hi,
I am trying to fix my TPM setup that stopped working recently. It was due update of either pfSense (and underlying openssl) or my windows 10.
I followed few manuals 2 years ago how to set up. No, certs didn't expire. And it was working till last weekend.
It halt on:
Most important lines of client config that was there for a while:
I ve tried to recreate TPM Virtual card, regerated certs. Same result.
Will appreciate if anyone can give a hint what direction to start.
I am trying to fix my TPM setup that stopped working recently. It was due update of either pfSense (and underlying openssl) or my windows 10.
I followed few manuals 2 years ago how to set up. No, certs didn't expire. And it was working till last weekend.
It halt on:
Code: Select all
2021-03-02 13:29:50 us=608868 cryptoapicert: enter pkey_rsa_sign_init
2021-03-02 13:29:50 us=608868 cryptoapicert: PSS padding using saltlen = 32
2021-03-02 13:29:50 us=608868 cryptoapicert: calling priv_enc_CNG with alg = SHA256
2021-03-02 13:29:50 us=608868 Signing hash using CNG: data size = 32 padding = 8
2021-03-02 13:29:50 us=979453 OpenSSL: error:C506D064:microsoft cryptoapi:NCryptSignHash:This smart card does not support the requested feature.
2021-03-02 13:29:50 us=979453 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
2021-03-02 13:29:50 us=995080 TLS_ERROR: BIO read tls_read_plaintext error
2021-03-02 13:29:50 us=995080 TLS Error: TLS object -> incoming plaintext read error
2021-03-02 13:29:50 us=995080 TLS Error: TLS handshake failed
2021-03-02 13:29:50 us=995080 Fatal TLS error (check_tls_errors_co), restarting
Code: Select all
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA512
tls-client
client
cryptoapicert "THUMB:******************************************"
Will appreciate if anyone can give a hint what direction to start.
works for you ..