I am going crazy trying to resolve an issue with connecting to a VPN via openconnect using a smart card and two other certificate files. I'll describe how I am connecting on a Windows machine.

I have two certificates, the cer files. Then I have a smart card with a PIN. There are also some certificates on that smart card. Using Cisco AnyConnect I just press the button and everything works fine.

Linux box setup:
Fedora 26
kernel: 4.13.11-200.fc26.x86_64
OpenConnect version v7.08
OpenSSL 1.1.0f-fips 25 May 2017
p11tool 3.5.16
pcsc-lite version 1.8.22.

I have converted the DER certificates to PEM:
sudo openssl x509 -inform der -in ~/cert1.cer -out /etc/pki/ca-trust/source/anchors/cert1.pem
sudo openssl x509 -inform der -in ~/cert2.cer -out /etc/pki/ca-trust/source/anchors/cert2.pem
sudo update-ca-trust
Then, using p11tool, I fetched the URIs:

p11tool  --list-tokens --provider=/usr/lib64/
p11tool  --list-all-certs 'pkcs11:model=myGreatModel' --provider=/usr/lib64/
openconnect -c 'pkcs11:model=myGreatModel' my.vpn.gateway
but I end up with the following error message:
POST https://my.vpn.gateway/
Connected to X.X.X.X:443
Error loading certificate from PKCS#11: The requested data were not available.
Loading certificate failed. Aborting.
Failed to open HTTPS connection to my.vpn.gateway
Failed to obtain WebVPN cookie
When I look into the certificate (exported as PEM) I can see BEGIN and END. I do not understand why I have two certificates. I guess one is the issuer/publisher and the 2nd is the pure certificate. On the card I have certificates generated on Active Directory, connected with my user name on AD.

I don't know if I should place the certificates (not those from the smart card) into /etc/pki.... or where. I don't know why Linux is not asking me for the PIN (I remember only once) and allows me to fetch certificate URIs from the smart card. I don't know how to point openconnect to fetch a certificate from my /etc/pki directory and also use the certificates from the smart card. I am really confused.

Thanks for any help!