Re: [Fed-Talk] ActivCard Reader setup
Re: [Fed-Talk] ActivCard Reader setup
- Subject: Re: [Fed-Talk] ActivCard Reader setup
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 01 Nov 2005 08:31:13 -0600
Dalton Hamilton wrote:
Once the system is recognizing your CAC and you see your certificates,
you should be able to browse to the PKI required sites and it will
prompt you for your PIN for your CAC and it will work. If you use
Apple Mail, you should be able to digitally signing and encrypt/decrypt
email -- likewise with Entourage.
Note also that Safari has a bug; if you hold a cert and private key in
your login keychain, Safari will not use the certs and keys on any
smartcard keychain. This appears to be independent of whatever
certificate trust list is exchanged during the SSL handshake. If you
don't have a personal certificate in your login keychain, you should be
good to go.
Also, Mozilla and Mozilla-dervied browsers (not Camino, which is not
Mozilla-derived; it uses Mozilla's rendering engine, Gecko) can support
CAC on OSX by using the included PKCS#11 module and don't have this
problem. Find the "Manage Security Devices" button (usually in
Preferences->Advanced or Preferences->Privacy & Security under
Certificates) *insert the card reader AND the card* and add a new
security module from location:
/usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle/Contents/MacOS/pkcs11
You'll also need to install the DoD certs into the Mozilla certificate
store under Authorities.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden