Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
- Subject: Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
- From: "Brochner, Ruben CTR DTIC Z" <email@hidden>
- Date: Thu, 27 Jul 2006 08:11:05 -0400
- Thread-topic: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
It may be that the intermediate or root certificates for your card are not
in the keychain. In my case, it was not until I updated those that my
certificates were considered valid. For each certificate on your card, make
sure that the certificate for the "Issuer" is in X509Certificates. Then,
make sure that the Issuer of the X509Certificate has a certificate in
X509Anchors.
Also, under Keychain Access->Preferences... and in the Certificates section,
set Online Certificate Status Protocol (OCSP) to Best Attempt, Certificate
Revocation List (CRL) to Best Attempt, and Priority to OCSP.
-Ruben
------
Ruben Brochner
CSC Federal
Defense Technical Information Center
703-767-7059
On 7/26/06 6:46 PM, "Lucy Liew" <email@hidden> wrote:
> Since my original post, I've flashed firmware version 5.18 onto my CAC
> reader and moved the CCID Class Driver back to where it was originally.
> I've also followed all the instructions according to the Naval Postdoctorate
> document on CAC on a Mac. With my updated reader, my laptop recognizes my
> reader and properly requests and knows when I've properly inputed by PIN,
> but it states that my certificates with my name on it are still "not valid"
> when I look at them via Keychain Access.
>
> I have asked the IT people within my organization to check my CAC card and
> they said there wasn't any reason why it shows up as "not valid" when they
> used their computer--a PC.
>
> Please advise on what I need to do so that my laptop/reader can properly
> read the certificates with my name on it.
>
>
>> From: "Hopfner, Philip (Phil) (CIV)" <email@hidden>
>> To: "Lucy Liew" <email@hidden>,<email@hidden>
>> Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
>> Date: Thu, 20 Jul 2006 07:28:20 -0700
>>
>> Hello Lucy,
>>
>> I can't vouch for the Virtual PC part yet (as I haven't tried it, but I
>> understand it works too) - but I might suggest that you go and download
>> the "CAC on a MAC" document at http://cisr.nps.edu/pub_techrep.html.
>> It's helped a fiar number of people to setup their CAC readers to work
>> on the Mac. And yes, you will need to flash the firmware on the card,
>> but the document also explains this step too.
>>
>> -Phil
>>
>> -----Original Message-----
>> From: fed-talk-bounces+phopfner=email@hidden
>> [mailto:fed-talk-bounces+phopfner=email@hidden] On Behalf Of
>> Lucy Liew
>> Sent: Wednesday, July 19, 2006 9:54 PM
>> To: email@hidden
>> Subject: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
>>
>> I'm new to Macs and CAC readers so please forgive me if I sound ignorant
>> and
>> asking a question that's been answered before.
>>
>> I have been reading through as much of the archived information on the
>> Fed-Talk list as I can, and I still can't seem to get my CAC and Citrix
>> set
>> up. I have a MacBook Pro with a Mac OS X 10.4.6. I also have a SCR 331
>> CAC
>> reader. However, I don't have virtual PC. I've done the following:
>>
>> 1. In Keychain Access, I went into Edit Keychain List for Mac OS X and
>> clicked "Shared" for the X509 Cerficiates.
>> 2. I've installed the two keychains provided by DoD into both
>> X509Certificates and X509Anchors
>> 3. At one point, in Keychain Access, it recognized my smartcard as
>> "smartcard reader #1." However, when I clicked on my personal
>> certificates
>> with my name on it, they would show that it was "INVALID."
>> 4. So I went into the draft guide "Smartcard Login on Tiger" and copied
>> and
>> pasted what was under "enabling smartcard login" in the Terminal mode.
>> I'm
>> not sure what happened after that, but my laptop no longer recognizes my
>>
>> smartcard reader at all.
>> 5. I moved CCID Class Driver bunding to the desktop.
>> 6. I've downloaded the Citrix ICA Client for Mac.
>>
>> My questions:
>> 1. How do I get my laptop to recognize my smartcard reader again? Do I
>>
>> need to undo any of the things I've done above? And if so, how do I do
>> that? I need basic level instruction.
>> 2. Do I need to update my driver for the SCR331 reader to the firmware
>> 5.18
>> version given that I running on version 10.4.6? It seems from what I've
>>
>> read that I don't have to but I may be mistaken.
>> 3. Do I need VirtualPC to get this thing working?
>> 4. How do I make my personal certificate "valid"
>> 5. What am I doing wrong?
>>
>> Thanks for any of your suggestions.
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden