Cannot connect with PKCS11 token under Mojave (Mac OS 10.14)
Posted: Thu Oct 18, 2018 5:06 pm
Hi,
I use an Athena ID Protect to access the intranet of my company. It works for years but has stopped working after the Mojave update.
ssh with this token is still working, but when I try to open the VPN with Viscosity I get this in the logs:
---- LOG ----
2018-10-18 07:50:44: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:50:44: Viscosity OpenVPN Engine Started
2018-10-18 07:50:44: Running on macOS 10.14.0
2018-10-18 07:50:44: ---------
2018-10-18 07:50:44: State changed to verbinde
2018-10-18 07:50:44: Checking reachability status of connection...
2018-10-18 07:50:45: Connection is reachable. Starting connection attempt.
2018-10-18 07:50:45: OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jul 20 2018
2018-10-18 07:50:45: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
2018-10-18 07:50:46: PKCS#11: Adding PKCS#11 provider '/Library/Application Support/Athena/libASEP11.dylib'
2018-10-18 07:50:46: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2018-10-18 07:50:46: PKCS#11: Cannot get certificate object
2018-10-18 07:50:46: PKCS#11: Cannot get certificate object
2018-10-18 07:50:46: PKCS#11: Unable get evp object
2018-10-18 07:50:46: Cannot load certificate "Athena\x20Smartcard\x20Solutions/IDProtect/015...7918/user/7B3561...377D" using PKCS#11 interface
2018-10-18 07:50:46: SIGUSR1[soft,private-key-password-failure] received, process restarting
2018-10-18 07:50:46: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2018-10-18 07:50:49: State changed to Disconnecting
2018-10-18 07:50:49: PKCS#11: Cannot get certificate object
2018-10-18 07:50:49: PKCS#11: Cannot get certificate object
2018-10-18 07:50:49: PKCS#11: Unable get evp object
2018-10-18 07:50:49: Cannot load certificate "Athena\x20Smartcard\x20Solutions/IDProtect/015...7918/user/7B3561...377D" using PKCS#11 interface
2018-10-18 07:50:49: SIGUSR1[soft,private-key-password-failure] received, process restarting
2018-10-18 07:50:49: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:50:49: Viscosity OpenVPN Engine Started
2018-10-18 07:50:49: Running on macOS 10.14.0
2018-10-18 07:50:49: ---------
2018-10-18 07:50:49: State changed to verbinde
2018-10-18 07:50:50: State changed to Disconnecting
2018-10-18 07:50:50: SIGTERM[hard,init_instance] received, process exiting
2018-10-18 07:50:50: State changed to getrennt
2018-10-18 07:51:07: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:51:07: Viscosity OpenVPN Engine Started
2018-10-18 07:51:07: Running on macOS 10.14.0
2018-10-18 07:51:07: ---------
I use an Athena ID Protect to access the intranet of my company. It works for years but has stopped working after the Mojave update.
ssh with this token is still working, but when I try to open the VPN with Viscosity I get this in the logs:
---- LOG ----
2018-10-18 07:50:44: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:50:44: Viscosity OpenVPN Engine Started
2018-10-18 07:50:44: Running on macOS 10.14.0
2018-10-18 07:50:44: ---------
2018-10-18 07:50:44: State changed to verbinde
2018-10-18 07:50:44: Checking reachability status of connection...
2018-10-18 07:50:45: Connection is reachable. Starting connection attempt.
2018-10-18 07:50:45: OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jul 20 2018
2018-10-18 07:50:45: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
2018-10-18 07:50:46: PKCS#11: Adding PKCS#11 provider '/Library/Application Support/Athena/libASEP11.dylib'
2018-10-18 07:50:46: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2018-10-18 07:50:46: PKCS#11: Cannot get certificate object
2018-10-18 07:50:46: PKCS#11: Cannot get certificate object
2018-10-18 07:50:46: PKCS#11: Unable get evp object
2018-10-18 07:50:46: Cannot load certificate "Athena\x20Smartcard\x20Solutions/IDProtect/015...7918/user/7B3561...377D" using PKCS#11 interface
2018-10-18 07:50:46: SIGUSR1[soft,private-key-password-failure] received, process restarting
2018-10-18 07:50:46: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2018-10-18 07:50:49: State changed to Disconnecting
2018-10-18 07:50:49: PKCS#11: Cannot get certificate object
2018-10-18 07:50:49: PKCS#11: Cannot get certificate object
2018-10-18 07:50:49: PKCS#11: Unable get evp object
2018-10-18 07:50:49: Cannot load certificate "Athena\x20Smartcard\x20Solutions/IDProtect/015...7918/user/7B3561...377D" using PKCS#11 interface
2018-10-18 07:50:49: SIGUSR1[soft,private-key-password-failure] received, process restarting
2018-10-18 07:50:49: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:50:49: Viscosity OpenVPN Engine Started
2018-10-18 07:50:49: Running on macOS 10.14.0
2018-10-18 07:50:49: ---------
2018-10-18 07:50:49: State changed to verbinde
2018-10-18 07:50:50: State changed to Disconnecting
2018-10-18 07:50:50: SIGTERM[hard,init_instance] received, process exiting
2018-10-18 07:50:50: State changed to getrennt
2018-10-18 07:51:07: Viscosity Mac 1.7.11 (1463)
2018-10-18 07:51:07: Viscosity OpenVPN Engine Started
2018-10-18 07:51:07: Running on macOS 10.14.0
2018-10-18 07:51:07: ---------