Firefox Unable To Load Pkcs11 Module
CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module
Has anybody here done that, and can offer advice?
Tony Schreiner
3 thoughts on - Firefox Unable To Load Pkcs11 Module
Answering myself, though not completely solved.
I should have instead been loading /usr/lib64/opensc-pksc11.so
Hi Tony, Have you solved this problem yet?I took another approach and used CACkey which supportsUS Government PIV cards including the CAC. In my case I set it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit CentOS.Here is the process I went through.
– setup CAC card by following instructions on:
https://help.ubuntu.com/community/CommonAccessCard sudo apt-get install libpcsclite1 pcscd pcsc-tools
– download CACkey from https://cackey.rkeene.org/fossil/index sudo dpkg -i cackey_0.7.5-1_amd64.deb The above command failed with:
“dpkg: error processing archive cackey_0.7.5-1_amd64.deb (–install):
unable to create ‘/libcackey.so.dpkg-new’ (while processing ‘./usr/lib64/libcackey.so’): No such file or directory dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
cackey_0.7.5-1_amd64.deb”
– as root I created the directory /usr/lib64 and ran the command again!!!!!!It Worked!!!!!!!
– ran command pcsc_scan and it found my CAC
– had to manually install the DoD root certificates
– certificates were manually installed one at a time for both Thunderbird and Firefox It turned out to be much easier than I thought it would to get my PIV working on a Linux machine. Hope that helps.Ed
Answering myself, though not completely solved.
I should have instead been loading /usr/lib64/opensc-pksc11.so
I was advising someone at a remote site, so didn’t see the full experience. But once I provided the correct path for the module, he was able to load it and complete the authentication. Sorry I don’t have more details.
But thanks for the info, I’ll save it. Tony