Re: [Fed-Talk] Installing NMCI Root Certs on Mac
- Subject: Re: [Fed-Talk] Installing NMCI Root Certs on Mac
- From: Paul Nelson <email@hidden>
- Date: Sun, 16 Jul 2006 10:51:11 -0500
- Thread-topic: [Fed-Talk] Installing NMCI Root Certs on Mac
You should ask the help desk to export the root certs using ASN1 encoding (.cer). They can e-mail them to you, and you can install them directly on the Mac by double clicking.
If you can’t get real ASN1 encoded cert files, and all you have is the .exe, I would install the certs from the .exe file on the PC. Once the certs are installed on the PC, you can use the Certificates MMC plug-in to export them. You only need to do this once to get the “.cer” files. You can install the .cer files on as many Macs as you need. Now export them to get real cert files.
Then move the .cer files to the Mac and install them by double clicking. They may be installed in the user’s keychain or in X509Anchors. If you put them in X509Anchors, they will be shared among all the Mac users.
To make sure you have the root certs installed and working, quit out of the Keychain Access after the install (there is a bug that restarting works around). Then insert your CAC and launch Keychain Access. Make sure that the button in the lower left of the Keychain Access window says “Hide Keychains”. Your CAC will appear in the upper left list. Click on the CAC keychain (named “smart card #nn”). Then click on the middle cert (the e-mail cert). The cert status should show that the cert is valid. The Mac will do a basic validation of your certs (see if you are trusting the root and intermediate certs).
If you are just using the CAC for e-mail, you probably don’t need the Keychain “Certificate Revocation List” preference to “Off”. Getting CRLs from most DoD certificate authorities takes a while (perhaps as long as one to two minutes). OCSP does not apply to CAC, as the CAC certs do not contain any OCSP information, and the Mac can’t be manually configured to use an OCSP responder.
If you need CAC login to your Macintosh, you might want to check out Thursby’s ADmitMac for CAC, now in BETA.
http://www.thursby.com
Paul Nelson
Thursby Software Systems, Inc.
on 7/15/06 11:49 PM, James Kapple-Bland at email@hidden wrote:
Is there a way to install root certs for NMCI on a Mac? I am running 10.4.7 on a 17” PB G4 and I have a working CAC card and reader. I would like to access my NMCI mail through Entourage. The NMCI webmail program doesn’t support encryption or digitally signing messages. The NMCI Help Desk took me to the InfoSec page to get InstallRoot18A.exe but then I’ll have to use Virtual PC. Not the ideal situation.
If this is a no go, does anyone know how to suppress the Name Check value in Entourage? I had my PC set up for that before and could use my CAC card to encrypt/sign from my contractor mail account.
Thanks and please advise. Have a good weekend.
James
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
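Added example, not part of the original messages: the Windows certificate export wizard can write a .cer either as binary DER or as Base-64 text, so this Python example normalises either form to DER, checks the outer ASN.1 framing, and computes fingerprints to compare with values obtained from the help desk through a separate channel before a cert received by e-mail is installed as a trusted root. The function names and sample bytes are constructed for illustration; the sample is only DER framing, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Return header + body length of the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte is not 0x30)")
    first = data[1]
    if first < 0x80:                  # short form: one length byte
        return 2 + first
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def cer_to_der(data):
    """Accept either .cer flavour (binary DER or Base-64) and return DER."""
    match = PEM_RE.search(data)
    if match:
        # b64decode ignores the line breaks inside the armoured block
        data = base64.b64decode(match.group(1))
    if der_total_length(data) != len(data):
        raise ValueError("truncated file or trailing bytes after the cert")
    return data

def fingerprints(data):
    """Fingerprints over the DER bytes, so both .cer flavours agree."""
    der = cer_to_der(data)
    return {"sha1": hashlib.sha1(der).hexdigest(),
            "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: valid DER framing around filler bytes, not a real cert.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_B64 = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for label, blob in (("DER", SAMPLE_DER), ("Base-64", SAMPLE_B64)):
        print(label, fingerprints(blob)["sha256"])
```

A file that fails these checks (for example the .exe installer itself, or an attachment cut short in transit) raises `ValueError` instead of producing a fingerprint.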