Mailing Lists: Apple Mailing Lists


Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader



Not valid usually means that your computer/account is not set to trust the certificates that your certificate is based on, or you plain have not activated the certificates your certificate is based on (or your certificate is expired, but that I'm assuming is not the problem).

You need to get info on your certificate, find your current certificate in both the smart card keychain and your login keychain (cmd-I or by menu), find the section "Issuer Name", then the subsection "Common Name", for example DOD Class 3 CA-10.

Next you need to search all the keychains for that Common Name, for example DOD Class 3 CA-10 is based on DOD Class 3 Root CA (this you should find in X509Certificates in your keychain listing or you have a problem/missed a step). Then you should find that root certificate, in this example DOD Class 3 Root CA in X509Anchors (same, everyone should have this certificate as well regardless of whether their CAC is based on it).

My best guess is you either missed a step or damaged something in the original attempt to get it working.

In my experience, once you have flashed a SCR331 reader, only one step is needed to get the CAC & Keychain working -- that experience is based on a USB ActivCard card reader (really a SCR331 with ActivCard firmware) and about six machines, including one I formatted clean and then installed OS X 10.4.x on.

However, my experience is all on PowerPC-based OS X machines; as pointed out in previous posts, there could be a bug in the Universal binaries for the Intel-based machines.

Michael


On Jul 26, 2006, at 6:46 PM, Lucy Liew wrote:

Since my original post, I've flashed firmware version 5.18 onto my CAC reader and moved the CCID Class Driver back to where it was originally. I've also followed all the instructions according to the Naval Postdoctorate document on CAC on a Mac. With my updated reader, my laptop recognizes my reader and properly requests and knows when I've properly input my PIN, but it states that my certificates with my name on it are still "not valid" when I look at them via Keychain Access.

I have asked the IT people within my organization to check my CAC card and they said there wasn't any reason why it shows up as "not valid" when they used their computer--a PC.

Please advise on what I need to do so that my laptop/reader can properly read the certificates with my name on it.


From: "Hopfner, Philip (Phil) (CIV)" <email@hidden>
To: "Lucy Liew" <email@hidden>,<email@hidden>
Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
Date: Thu, 20 Jul 2006 07:28:20 -0700

Hello Lucy,

I can't vouch for the Virtual PC part yet (as I haven't tried it, but I
understand it works too) - but I might suggest that you go and download
the "CAC on a MAC" document at http://cisr.nps.edu/pub_techrep.html.
It's helped a fair number of people to set up their CAC readers to work
on the Mac. And yes, you will need to flash the firmware on the card,
but the document also explains this step too.


-Phil

-----Original Message-----
From: fed-talk-bounces+phopfner=email@hidden
[mailto:fed-talk-bounces+phopfner=email@hidden] On Behalf Of
Lucy Liew
Sent: Wednesday, July 19, 2006 9:54 PM
To: email@hidden
Subject: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader


I'm new to Macs and CAC readers so please forgive me if I sound ignorant and am asking a question that's been answered before.

I have been reading through as much of the archived information on the Fed-Talk list as I can, and I still can't seem to get my CAC and Citrix set up. I have a MacBook Pro with Mac OS X 10.4.6. I also have a SCR 331 CAC reader. However, I don't have virtual PC. I've done the following:

1. In Keychain Access, I went into Edit Keychain List for Mac OS X and clicked "Shared" for the X509 Certificates.
2. I've installed the two keychains provided by DoD into both X509Certificates and X509Anchors.
3. At one point, in Keychain Access, it recognized my smartcard as "smartcard reader #1." However, when I clicked on my personal certificates with my name on it, they would show that it was "INVALID."
4. So I went into the draft guide "Smartcard Login on Tiger" and copied and pasted what was under "enabling smartcard login" in the Terminal mode. I'm not sure what happened after that, but my laptop no longer recognizes my smartcard reader at all.
5. I moved CCID Class Driver bundle to the desktop.
6. I've downloaded the Citrix ICA Client for Mac.

My questions:
1. How do I get my laptop to recognize my smartcard reader again? Do I need to undo any of the things I've done above? And if so, how do I do that? I need basic level instruction.
2. Do I need to update my driver for the SCR331 reader to the firmware 5.18 version given that I'm running on version 10.4.6? It seems from what I've read that I don't have to but I may be mistaken.
3. Do I need VirtualPC to get this thing working?
4. How do I make my personal certificate "valid"?
5. What am I doing wrong?

Thanks for any of your suggestions.
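
The issuer-chain check described in the reply at the top of this thread, reproduced with `openssl` on a constructed three-certificate chain. This is an added example, not part of the original messages; the "Example ..." names, the file names and the helper functions are placeholders standing in for the real DoD certificates and for the X509Certificates and X509Anchors keychains.

```shell
#!/bin/sh
# Constructed chain: root.pem -> ca10.pem -> user.pem (placeholder names).
new_csr() {  # new_csr <dir> <name> <common name>: key pair plus signing request
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_chain() {  # build_chain <dir>
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$dir/ca.ext"
    new_csr "$dir" root "Example Root CA"
    new_csr "$dir" ca10 "Example CA-10"
    new_csr "$dir" user "Example User"
    # Self-signed root: plays the role of the entry in X509Anchors.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null
    # Intermediate signed by the root: the entry expected in X509Certificates.
    openssl x509 -req -in "$dir/ca10.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -set_serial 2 -days 2 -extfile "$dir/ca.ext" -out "$dir/ca10.pem" 2>/dev/null
    # End-entity certificate signed by the intermediate: the one on the card.
    openssl x509 -req -in "$dir/user.csr" -CA "$dir/ca10.pem" -CAkey "$dir/ca10.key" \
        -set_serial 3 -days 2 -out "$dir/user.pem" 2>/dev/null
}

issuer_cn() {  # "Issuer Name" -> "Common Name" of one certificate file
    openssl x509 -noout -issuer -nameopt RFC2253 -in "$1" | sed 's/^issuer= *CN=//'
}

chain_ok() {  # chain_ok <anchors> <leaf> [intermediates]: status 0 if the chain validates
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
    fi
}

work=$(mktemp -d) && build_chain "$work"
echo "user certificate issuer: $(issuer_cn "$work/user.pem")"
echo "issuer of that CA:       $(issuer_cn "$work/ca10.pem")"
chain_ok "$work/root.pem" "$work/user.pem" "$work/ca10.pem" && echo "full chain: valid"
chain_ok "$work/root.pem" "$work/user.pem" || echo "intermediate missing: not valid"
chain_ok "$work/ca10.pem" "$work/user.pem" || echo "root anchor missing: not valid"
rm -rf "$work"
```

The last two cases fail even though the user certificate itself is untouched, which is why a card can look fine on one machine and "not valid" on another.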


Copyright © 2007 Apple Inc. All rights reserved.