2. The "signature algorithm" is sha1RSA.I'm not sure that matches what the server has specified.
The certificate path is TC TrustCenter Class 3 CA II / Trans Sped Qualified CA II /Maricica TimaruNo. As long as you have either of them it is OK.
In the debug log I have "*TC TrustCenter Class 3 CA II*" as a trusted certificate authority, but I don't have "*Trans Sped Qualified CA II*" as a trusted authority.
1. There is a certificate stored on the token.It's fine.
2. The "signature algorithm" is sha1RSA.We normally need the public key algorithm here, rather than the signature algorithm in the cert.
3. I can see the certificate path from IE.It does not make sense. You use the smart card token as the key store. IE has no connect with the smart card.
827588 wrote:It must be another solution. I write this because I made a test with another application made in visual basic that creates the socket successfully.
To solve the issue, you may need to import the intermediate certificates between the smart card cert (CN=Maricica Timaru ...) and the trusted cert (CN=TC TrustCenter ...) into the smart card. Or contact your smart card provider. Otherwise, there is no way to find the complete certification path to the server trusted issuers.
All my certificates from the tokens are installed in IE and I can find them there.3. I can see the certificate path from IE.It does not make sense. You use the smart card token as the key store. IE has no connect with the smart card.
Again, from the log, I can only find one cert:Yes, I can find a complete certification path with my working token - Oberthur.
Subject: CN=Maricica Timaru, SURNAME=Timaru, GIVENNAME=Maricica, OU=Functia: Administrator, O=Farmacia Mara S.R.L., C=RO
Issuer: CN=Trans Sped Qualified CA II, OU=Individual Subscriber CA, O=Trans Sped SRL, C=RO
The issuer of the certificate is not trusted by the server, i.e., it is not in the list of server required Cert Authorities.
If you believe that the certificate can be chained to <CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE>. It's clear that the smart card certificate cannot be act as a complete certification path, it cannot be chained to <CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE>, the trusted cert.
I think if you check the other workable smart card, you should be able to find a complete certification path to a trusted anchor.