Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
- Subject: Re: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
- From: Michael Kluskens <email@hidden>
- Date: Thu, 27 Jul 2006 08:37:41 -0400

Not valid usually means that your computer/account is not set to
trust the certificates that your certificate is based on or you plain
have not activated the Certificates your certificate is based on (or
your certificate is expired but that I'm assuming is not the problem).

You need to get info on your certificate, find your current
certificate in both the smart card keychain and your login keychain
(cmd-I or by menu), find the section "Issuer Name", then the
subsection "Common Name", for example DOD Class 3 CA-10.

Next you need to search all the keychains for that Common Name, for
example DOD Class 3 CA-10 is based on DOD Class 3 Root CA (this you
should find in X509Certificates in your keychain listing or you have
a problem/missed a step). Then you should find that root
certificate, in this example DOD Class 3 Root CA in X509Anchors
(same, everyone should have this certificate as well regardless of
whether their CAC is based on it).

My best guess is you either missed a step or damaged something in the
original attempt to get it working.

In my experience, once you have flashed a SCR331 reader then only one
step is needed to get the CAC & Keychain working -- that experience is
based on a USB ActivCard card reader (really a SCR331 with ActivCard
firmware) and about six machines, including one I formatted clean and
then installed OS X 10.4.x on.

However, my experience is all on PowerPC based OS X machines; as
pointed out in previous posts, there could be a bug in the Universal
binaries for the Intel based machines.

Michael

On Jul 26, 2006, at 6:46 PM, Lucy Liew wrote:

Since my original post, I've flashed firmware version 5.18 onto my
CAC reader and moved the CCID Class Driver back to where it was
originally. I've also followed all the instructions according to
the Naval Postdoctorate document on CAC on a Mac. With my updated
reader, my laptop recognizes my reader and properly requests and
knows when I've properly inputted my PIN, but it states that my
certificates with my name on it are still "not valid" when I look
at them via Keychain Access.

I have asked the IT people within my organization to check my CAC
card and they said there wasn't any reason why it shows up as "not
valid" when they used their computer--a PC.

Please advise on what I need to do so that my laptop/reader can
properly read the certificates with my name on it.

From: "Hopfner, Philip (Phil) (CIV)" <email@hidden>
To: "Lucy Liew" <email@hidden>,<email@hidden>
Subject: RE: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader
Date: Thu, 20 Jul 2006 07:28:20 -0700

Hello Lucy,

I can't vouch for the Virtual PC part yet (as I haven't tried it, but I
understand it works too) - but I might suggest that you go and download
the "CAC on a MAC" document at http://cisr.nps.edu/pub_techrep.html.
It's helped a fair number of people to set up their CAC readers to work
on the Mac. And yes, you will need to flash the firmware on the card,
but the document also explains this step too.

-Phil

-----Original Message-----
From: fed-talk-bounces+phopfner=email@hidden [mailto:fed-talk-bounces+phopfner=email@hidden] On Behalf Of Lucy Liew
Sent: Wednesday, July 19, 2006 9:54 PM
To: email@hidden
Subject: [Fed-Talk] cac on mac os x 10.4.6 with scr331 reader

I'm new to Macs and CAC readers so please forgive me if I sound ignorant
and am asking a question that's been answered before.

I have been reading through as much of the archived information on the
Fed-Talk list as I can, and I still can't seem to get my CAC and Citrix
set up. I have a MacBook Pro with a Mac OS X 10.4.6. I also have a
SCR 331 CAC reader. However, I don't have virtual PC. I've done the
following:

1. In Keychain Access, I went into Edit Keychain List for Mac OS X and
clicked "Shared" for the X509 Certificates.
2. I've installed the two keychains provided by DoD into both
X509Certificates and X509Anchors
3. At one point, in Keychain Access, it recognized my smartcard as
"smartcard reader #1." However, when I clicked on my personal
certificates with my name on it, they would show that it was "INVALID."
4. So I went into the draft guide "Smartcard Login on Tiger" and copied
and pasted what was under "enabling smartcard login" in the Terminal
mode. I'm not sure what happened after that, but my laptop no longer
recognizes my smartcard reader at all.
5. I moved CCID Class Driver bundle to the desktop.
6. I've downloaded the Citrix ICA Client for Mac.

My questions:

1. How do I get my laptop to recognize my smartcard reader again? Do I
need to undo any of the things I've done above? And if so, how do I do
that? I need basic level instruction.
2. Do I need to update my driver for the SCR331 reader to the firmware
5.18 version given that I am running on version 10.4.6? It seems from
what I've read that I don't have to but I may be mistaken.
3. Do I need VirtualPC to get this thing working?
4. How do I make my personal certificate "valid"
5. What am I doing wrong?

Thanks for any of your suggestions.
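
The chain check described in the reply at the top of this thread (your certificate, then its issuing CA in X509Certificates, then the root in X509Anchors), written out as an added example that is not part of any message in the thread. It matches certificates by Common Name only, as the manual procedure does; the keychain contents, dates and cardholder name are constructed, and real validation also verifies signatures.

```python
from datetime import date

# Constructed stand-ins for two system keychains, keyed by subject Common Name.
# Each value is (issuer Common Name, expiry date). The CA names come from the
# reply in this thread; the dates and the cardholder entry are made up.
X509_CERTIFICATES = {"DOD Class 3 CA-10": ("DOD Class 3 Root CA", date(2010, 1, 1))}
X509_ANCHORS = {"DOD Class 3 Root CA": ("DOD Class 3 Root CA", date(2029, 1, 1))}
SAMPLE_LEAF = ("DOE.JANE.Q.0000000000", "DOD Class 3 CA-10", date(2008, 1, 1))
TODAY = date(2006, 7, 27)


def diagnose(leaf, intermediates, anchors, today, max_depth=8):
    """Follow Issuer Common Names upward from the leaf certificate.

    Returns (status, path): status is 'trusted', 'expired', 'missing-issuer',
    'untrusted-root' or 'loop'; path lists the Common Names visited, ending
    at the certificate the status refers to.
    """
    subject, issuer, not_after = leaf
    path = [subject]
    for _ in range(max_depth):
        if today > not_after:
            return "expired", path
        if issuer in anchors:                 # reached a root the system trusts
            path.append(issuer)
            _, root_expiry = anchors[issuer]
            return ("expired" if today > root_expiry else "trusted"), path
        if issuer == subject:                 # self-signed, but not in the anchors
            return "untrusted-root", path
        if issuer not in intermediates:       # the chain breaks at this name
            path.append(issuer)
            return "missing-issuer", path
        subject = issuer                      # step up one level and repeat
        issuer, not_after = intermediates[subject]
        path.append(subject)
    return "loop", path


if __name__ == "__main__":
    cases = {
        "both keychains populated": (X509_CERTIFICATES, X509_ANCHORS),
        "intermediate not installed": ({}, X509_ANCHORS),
        "root filed as an ordinary cert": ({**X509_CERTIFICATES, **X509_ANCHORS}, {}),
    }
    for label, (inter, anchors) in cases.items():
        print(label, "->", diagnose(SAMPLE_LEAF, inter, anchors, TODAY))
```

The third case is the one to look for when the DoD certificates were imported but the root never landed in X509Anchors: the chain is complete, yet it ends at a root the system has not been told to trust.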