Re: [Fed-Talk] Getting public certs out of Exchange
- Subject: Re: [Fed-Talk] Getting public certs out of Exchange
- From: Paul Nelson <email@hidden>
- Date: Wed, 20 Dec 2006 13:35:37 -0600
- Thread-topic: [Fed-Talk] Getting public certs out of Exchange
With ADmitMac for CAC, you get Kerberos credentials for your domain when you
log in using a CAC. This will then allow Safari to use Kerberos when it
connects using OWA (Be sure you know the correct URL).
http://www.thursby.com/products/afc.html
Paul Nelson
Thursby Software Systems, Inc.
on 12/20/06 1:19 PM, Cardona, Cris Mr Nortel Government Solutions at
email@hidden wrote:
> Has anyone resolved the issue with accessing CAC enabled OWA from a MAC
> using the Safari browser? I know the Safari browser defaults to the
> keychain list for the certs. When I try to access our OWA, Safari
> prompts me to select which certificate I want to use for authentication.
> Safari doesn't list all the certs in the Keychain list for my smart card
> at the prompt. I can see all the certs on the smart card within the
> Keychain utility but Safari doesn't list the DOD E-mail CA I need to
> authenticate. Does anyone have a fix for this problem?
>
> Thanks!
> Cris
>
>
>
> -----Original Message-----
> From: fed-talk-bounces+cris.cardona=email@hidden
> [mailto:fed-talk-bounces+cris.cardona=email@hidden] On
> Behalf Of Paul Nelson
> Sent: Tuesday, December 19, 2006 9:55 AM
> To: Dave Hale; Apple Fed Talk
> Subject: Re: [Fed-Talk] Getting public certs out of Exchange
>
> You might want to refer to
> http://www.microsoft.com/technet/prodtechnol/exchange/Guides/E2k3MsgSecGuide/1eb16a4d-9dea-48e9-b56a-c2df79fd06e0.mspx?mfr=true
>
> Certs for users are available from Active Directory if the user has
> autoenrolled, or has used Outlook. There are two forms. The best one
> is to query the 'userCertificate' attribute. This results in an array
> of X509 v3 encoded certs. The second is to query userSMIMECertificate.
> This results in a single CMS (PKCS#7) encoded object that contains the
> user's certs (signing and encrypting).
>
> New software should always look for userCertificate first, then look for
> userSMIMECertificate. Microsoft considers userCertificate to be the
> preferred attribute.
>
> If you are asking about NTAuth certificates (what certificates are
> trusted by a domain for authentication), these are also stored in Active
> Directory but are not usually available via LDAP. Domain members
> receive these using group policy.
>
> Paul Nelson
> Thursby Software Systems, Inc.
>
>
> on 12/19/06 6:58 AM, Dave Hale at email@hidden wrote:
>
>> Has anyone developed a process (other than manually, one at a time) to
>> get public keys out of an Exchange server and import them into
>> Keychain?
>>
>> Is it possible for Entourage to access the DOD LDAP and pull certs?
>>
>> Begin forwarded message:
>>
>>> Is there any way to import a CSV that includes certs into either
>>> Entourage or Address Book? Our PC guys are trying to find an easy way
>>> to export all the information from the Exchange server (address +
>>> certs) and import it on the Mac instead of LDAP since this still
>>> doesn't work. Any suggestions?
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
>
>
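
The lookup order described in the quoted 19 December message (userCertificate first, then the PKCS#7 object in userSMIMECertificate), as an added example that is not part of the original thread. The function names, the `entry` dictionary shape and the sample blob are assumptions made for illustration; the sample is constructed and holds stand-in bytes rather than real certificates, and only definite-length DER is handled.

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
# Constructed sample: SignedData shell holding two 5-byte stand-ins, not real certificates.
SAMPLE_P7 = bytes.fromhex("302f06092a864886f70d010702a02230200201013100"
                          "300b06092a864886f70d010701a00a300302010130030201023100")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length (BER) is not handled here")
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, raw_element, inner_value) for each element inside value."""
    pos = 0
    while pos < len(value):
        tag, inner, nxt = read_tlv(value, pos)
        yield tag, value[pos:nxt], inner
        pos = nxt

def certs_from_pkcs7(blob):
    """Return the DER certificates carried in a CMS/PKCS#7 SignedData blob."""
    tag, outer, _ = read_tlv(blob)
    parts = list(children(outer)) if tag == 0x30 else []
    if len(parts) < 2 or parts[0][2] != SIGNED_DATA_OID or parts[1][0] != 0xA0:
        raise ValueError("not a CMS SignedData object")
    _, signed_data, _ = read_tlv(parts[1][2])
    # certificates is the optional [0] IMPLICIT CertificateSet inside SignedData
    sets = [inner for t, _, inner in children(signed_data) if t == 0xA0]
    return [raw for t, raw, _ in children(sets[0]) if t == 0x30] if sets else []

def user_certs(entry):
    """entry maps attribute name -> list of raw values; userCertificate wins."""
    certs = list(entry.get("userCertificate", []))
    if not certs:  # fall back to the single PKCS#7 object
        for blob in entry.get("userSMIMECertificate", []):
            certs.extend(certs_from_pkcs7(blob))
    return certs
```

Each value returned is one DER-encoded certificate, whichever attribute it came from, so the caller can treat both sources the same way.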