• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] NMCI Webmail
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] NMCI Webmail

  • Subject: Re: [Fed-Talk] NMCI Webmail
  • From: Shawn Geddis <email@hidden>
  • Date: Mon, 9 May 2005 18:39:47 -0400
On Apr 29, 2005, at 11:42 AM, Lawlin, David C CIV (NAVAIR 4.1.3) wrote:

I have tried, unsuccessfully, to use NMCI WEBMAIL using my Powerbook running 10.3.9 and as of last night 10.4.
I imported my NMCI Certificates into the KeyChain manager but when I go to https://webmail.nmci.navy.mil it informs me that I do not posses a valid certificate. I do have PKI card but not a reader however, my understanding, according to Shawn and the experience of a colleague who has successfully done so without using his CAC card, is that I should be able to do so. 

David,

If you have attempted to access the above website, you are using a "Soft Cert" and it still says you do not posses a valid certificate than I would have to assume that you did not add the X509Certifcates keychain to your keychain list. Noted in a message earlier today:

The DoD Intermediate CAs are not available to the Keychain List by default
-- Federal Customers within DoD will need to add the "X509Certificates" to the list

a) Launch Keychain Access
b) Select "Edit -> Keychain List"
c) Select "Show: Mac OS X (System)"
d) Check "Shared" checkbox next to "X509Certificates" (/System/Library/Keychains)
e) X509Certificates will now appear in the Keychains List and will be available for
Intermediates for the whole trust path validation.

The problem you experienced is that the Intermediate Certificates located in the "X509Certificates" were not available to the system and hence the OS could not generate a validated trust path from the client cert all the way thru to the Trusted Root CA Certificate which is located in the "X509Anchors" keychain.


Everyone can validate if this is the case they are experiencing if they too have this problem.

How to Validate you have a complete Trust path of Certs for your Soft Cert or Smart Card:
------------------------------------------------------------------------ ---------------------------------------
1) Check your Personal Certificates' information and note the Issuer Name - Common Name
For Example: DOD CLASS 3 EMAIL CA-3

2) Locate the Above Issuer's Certificate (most likely in the X509Certificates keychain)
3) Identify and note the Issuer Name - Common Name of this Certificate
For Example: DoD CLASS 3 Root CA
4) Identify and note the Issuer Name - Common Name of this Certificate -- Should be itself!!!!
For Example: DoD CLASS 3 Root CA issued the DoD CLASS 3 Root CA Cert (Self-Signed)

*** Full Trust Path Validated!

-Shawn



Shawn Geddis                              T (703) 264-5103
Security Consulting Engineer    C (703) 623-9329
US Federal Government           email@hidden

Apple Computer, Inc.
1892 Preston White Drive
Reston, VA 20191

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: [Fed-Talk] NMCI Webmail
  • Next by Date: Re: [Fed-Talk] Navy CAC Card Reader and NMCI Webmail
  • Previous by thread: Re: [Fed-Talk] NMCI Webmail
  • Next by thread: [Fed-Talk] beautiful apple videos
  • Index(es):
    • Date
    • Thread