Re: [Fed-Talk] Entourage and Certificates on Intel based Mac
Re: [Fed-Talk] Entourage and Certificates on Intel based Mac
- Subject: Re: [Fed-Talk] Entourage and Certificates on Intel based Mac
- From: Brian Raymond <email@hidden>
- Date: Wed, 19 Jul 2006 10:21:19 -0400
- Thread-topic: [Fed-Talk] Entourage and Certificates on Intel based Mac
I'll provide a little more informatiion regarding the email address being
case sensitive. I can't verify this because I don't have the environment
setup either but if I remember right the RFC states that the case must match
(I can't remember if it was the whole email or just the portion left of the
@ symbol) so if that is not the case, then it can cause problems. I don't
use my CAC for signing or encryption but my email address on my CAC is all
uppercase so it looks to happen.
- Brian
On 7/19/06 9:48 AM, "Michael Kluskens" <email@hidden> wrote:
>
> On Jul 18, 2006, at 8:51 PM, Christopher Blaine wrote:
>
>> MY apologies, I hadn't expected to be treated like the moron down
>> the hall when asking this mailing list if anyone else was having
>> this problem, and for some assistance.
>
> The email address may also be case-sensitive, I may have seen
> something about that somewhere.
>
> Trying to explain why the logic has almost always been wrong in my
> experience based on the provided information.
>
> Originally you didn't say you could see 3 certificates on the card or
> that you had manually sighted the two email address on the CAC card
> and nothing about the identify certificate. Given that we had well
> over a 50% error rate on those items hard to assume your CAC card is
> any better.
>
> I have seen that precise problem dozens of times, in fact nearly our
> entire division of one hundred people had that problem, by the time
> they were required to use their CAC cards for email they had also
> been required to standardize on a new email address and none had a
> clue as to what they had originally written down (that's not counting
> the ones with only one certificate). Only saving factor is most were
> using an email client that does not care what email address is
> associated with the CAC card.
>
> So you have looked at all three certificates and confirmed that the
> listed email address is yours on two of the certificates and you are
> using precisely the same pattern of capitalization.
>
> Try the fed-talk archives, a lot of information is included in there,
> entourage and CAC should limit you to very few messages.
>
> Why entourage thinks two certificates can be used for signing is a
> mystery since only one is labeled for signing.
>
>> I know what certificates are included on my CAC, entourage see all
>> 3 certificates, and is guessing on which certificate is correct for
>> signing, since two certs have that in their available use list (it
>> puts a diamond next to it in the drop down box). Besides, I tried
>> the identity certificate, even though it spit out the warning. No
>> guessing required for encryption since there is only one available
>> for that purpose.
>
> So you accomplished more that 99% of the people in my division, CAC
> cards are not easy, the last renewal disabled dozens of people, the
> Windows support contractor and our Linux experts initially couldn't
> get their new cards to work however those same cards came up fine
> under OS X.
>
> Michael
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden