Tinkering with Linux & OSX: TaxOnWeb with Ubuntu and Chrome

March 2016 / Ubuntu 15.10 - partially working

Needed to use

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0

May 2015 - sometimes works

Ubuntu 15.04

I needed to delete all of .pki/nssb/* and use

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so

to get it working.

April 2014 - Working :-)

Ubuntu 14.10

Smartcard reader - HID Global 1021 (no longer commercialised)

Bud-gets card does not work for me.

Following the instructions from the Wiki, namely:

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so
the driver was loaded and could be detected via

modutil -dbdir sql:.pki/nssdb/ -list
Card recognised by pcsc_scan, and by the eID viewer

Chrome - works, but not always ;-)

My experience is that Chrome can connect if I log out and login, but does not always work once I have been logged into my Linux account for a while (and simply restarting Chrome is not sufficient). The error I receive on the Test site is:

Error code: ERR_SSL_PROTOCOL_ERROR

Notes
An error message as below simply means that the directory .pki/nssdb does not exist and needs to be created manually.

modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

Firefox - works :-)

March 24 - not working

Status: #fail
Chrome 26 (beta); Ubuntu 12.10

Either

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Or I run - based on the official Wiki:

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so
modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so -mechanisms FRIENDLY -force

and then Chrome segfaults on launch, and can only be started again after deleting ~/.pki/nssdb

This is what I have in ~/.pki/nssdb/pkcs11.txt when it will not start:

library=/usr/lib/libbeidpkcs11.so
name=Belgium eID
NSS=slotParams={0x00000000=[slotFlags=PublicCerts rootFlags=hasRootTrust] }

And, another error seems to be:

~$ certutil -L -d .pki/nssdb/
certutil: function failed: The certificate/key database is in an old, unsupported format.

June 2013 - working

There are (at least) three versions of the software on the Internet:

From the official site (dutch)- version 4.0.2 - download the ubuntu(32bit) deb and install in the usual manner

Firefox - working
The official FAQ on Firefox is farcical - in short, Tax-on-Web is not available in Firefox 4 and above because this browser does not support the SSL connection that the Belgian state acknowledges it is is using, because it is relatively insecure (this has also received press attention)!

And it's true, when you try to connect with Firefox 4+ you get an error:

Error code: ssl_error_renegotiation_not_allowed

There is a way of forcing Firefox to work with this insecure connection method - see here or here. Taxonweb further enforces its restrictions via a user-agent sniff, so you need a switching add-on - use any Microsoft user-agent - to be permitted to pay taxes!

Then all you need to do accept the certificate and permit access to card dialogues, and enter your PIN code.

Chrome - working

Follow http://code.google.com/p/eid-mw/wiki/ChromeLinux
Install a user-agent switcher from the Chrome store, and switch to Firefox (IE does not work)

1 comment:

Unknown said...: I'm on raring (13.04 64-bit).

I installed the .deb packages available here: (install through dpkg -i )

http://eid.belgium.be/nl/je_eid_gebruiken/de_eid-middleware_installeren/linux/

After this I installed the USB driver for VASCO DIGIPASS 905

http://shop.vasco.com/support_step2.aspx#ubuntu

As a last step I installed the Firefox eID Add-On, from here:

https://addons.mozilla.org/en-US/firefox/addon/belgium-eid/

I could not get it to work in Chrome, not even with a User-Agent switcher.; 4 June 2013 at 16:25

Tinkering with Linux & OSX

22 April 2014

TaxOnWeb with Ubuntu and Chrome