Re: [Fed-Talk] ActivCard Reader setup
Re: [Fed-Talk] ActivCard Reader setup
- Subject: Re: [Fed-Talk] ActivCard Reader setup
- From: Dalton Hamilton <email@hidden>
- Date: Tue, 1 Nov 2005 14:29:38 +0100
<NOTE: Most of the information I post here comes directly form the
Apple Federal Systems engineer I've been working with.>
The best thing is for everyone to flash the firmware (currently
v5.18) which makes the reader full CCID Compliant. It is then fully
supported by the CCID Class Driver in Mac OS X 10.4.x rather than the
problematic SCR331 (pseudo ccid) driver that was pr-installed in Mac
OS X 10.3.x. I have this flash update if anyone needs it -- size is
approx 252KBytes in zip format.
Let me restate: Mac OS X 10.4.x does NOT install the SCR331 driver
that was pre-installed in 10.3.x, so if you have one of these
readers, it is best that you flash the unit for optimal user experience.
There is no need to install any middle-ware on OSX 10.4.x, since all
of the support for the US Federal Smart Cards is built in.
Go to the Applications->Utilities folder and start the KeyChain
Access app. Then go to Edit->Keychain Lists and click the switch to
enable X509Certificates. The bottom left corner of the Keychain
Access app has a button labeled "Hide Keychains." Click this to show
the keychains currently on your system. Keep in mind that the CAC
card is treated as a keychain in OSX. You can't write to it or store
other certificates there as you might do with other keychains, but it
is a keychain. Your certificates are already on the CAC.
Next, connect your CAC reader to your system and then insert your
CAC. You should see a new entry in the top left Keychains portion of
the Keychain application -- this entry will read "smart card #2."
The appearance of the Smart Card as a Keychain is new to Mac OS X
10.4.x - Tiger. Smart Cards become dynamic in nature and appear in
the Keychain list when they are inserted and disappear when they are
removed. The modifications you made to 'enable' X509Certificates is
separate from the Smart Card. At this point, you can click on the
smart card keychain and the contents of your CAC should show in the
right side.
If you cannot see your smart card keychain, I'd suggest restarting
your system once and try again. Tiger starts Smart Card Services
when you initially connected the reader. It will shut down 2 minutes
after the card is removed for lack of Smart Card activity. The
system 'should' restart the services when you insert the card again,
but issues relating to the shutdown of services as well as a system
going to sleep (which I am not sure was true in your case or not) are
being addressed and will be available in a future software release.
Issues with the restarting of Smart Card Services after being
shutdown or when a system goes to sleep are causing your system to no
longer recognize that there is a Smart Card inserted. For those who
care, securityd is not relaunching each of the tokend items (CAC,
BELPIC, JPKI) and hence the card and reference to its contents are
not being propagated up the chain. I've seen cases where OSX won't
recognize the CAC reader and requires a restart for it to work.
Once the system is recognizing your CAC and you see your
certificates, you should be able to browse to the PKI required sites
and it will prompt you for your PIN for your CAC and it will work.
If you use Apple Mail, you should be able to digitally signing and
encrypt/decrypt email -- likewise with Entourage.
-----------------------------------------------------------------
Dalton Hamilton
email@hidden
TIMPO Europe Senior Network Engineer (APPTIS)
Office Location: Landstuhl Regional Medical Center
Desk Civilian: 011.49.6371.86.7222
Desk DSN: 314.486.7222
Cell: 011.49.170.330.2182
Fax: 011.49.6371.86.6060
APPTIS
8626 Tesoro Dr. Suite 450 | San Antonio, TX 78217
800.862.2883 | www.apptis.com <http://www.apptis.com/>
** PROPRIETARY & CONFIDENTIAL ** This email and any attachments are
confidential and/or proprietary and intended solely for the named
recipients. Unauthorized use, copying, or distribution is prohibited.
If you received this e-mail in error, please notify me by replying
and delete the message without copying or disclosing it. Thank you.
BEGIN:VCARD
VERSION:3.0
N:Hamilton;Dalton;;;
FN:Dalton Hamilton
ORG:APPTIS;
TITLE:European Senior Network Engineer
EMAIL;type=INTERNET;type=WORK;type=pref:email@hidden
EMAIL;type=INTERNET;type=HOME:email@hidden
TEL;type=WORK:011 49 6371 86 7222
item1.TEL:0170 330 2182
item1.X-ABLabel:Cell from GE
item2.TEL:011 49 170 330 2182
item2.X-ABLabel:Cell from US
item3.TEL;type=pref:(314) 486-7222
item3.X-ABLabel:DSN
item4.ADR;type=HOME;type=pref:;;LRMC\nCMR 402 Box 683;APO AE;;09180;Germany
item4.X-ABLabel:APO
item4.X-ABADR:us
BDAY;value=date:1964-08-26
X-AIM;type=WORK;type=pref:email@hidden
X-ABUID:7C888198-223F-403E-B878-072E8D01D092\:ABPerson
END:VCARD
On Nov 1, 2005, at 1:25 PM, Billy Lenox wrote:
I need the Same thing for my Apple Computers
Thanks
Billy
On Oct 31, 2005, at 4:07 PM, Mike Dougherty wrote:
Hello,
I have the following setup:
OS X: 10.4.2
Smart Card Reader: ActivCard
My Powerbook is my personal computer, but I need to be able to
access certain Government sites which require CAC's.
I have not been able to find a HOWTO or FAQ that would instruct me
on how to setup my system. Is there a site or document someplace
that would help me out?
Thanks,
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mac.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden