Re: [Fed-Talk] DHS and DOE Certificates
Re: [Fed-Talk] DHS and DOE Certificates
- Subject: Re: [Fed-Talk] DHS and DOE Certificates
- From: Michael Kluskens <email@hidden>
- Date: Thu, 26 Oct 2006 12:47:12 -0400
On Oct 26, 2006, at 12:01 PM, Paul Derby wrote:
Well, here is the scenario that doesn't work with certificates from
DOE Los Alamos National Labs which uses Entrust:
I send an email to Tom with my Thawte digital signature.
He receives, confirms the email is signed. He replies with a
signed email.
His two Entrust certs go on my "login" keychain automatically.
And you can confirm no other certificates were added the first time
you received signed email from him? Not that it would be surprising
that no other certificates were added, it would be very surprising
that you can confirm that, I certainly never noticed the extra
certificates I was getting.
The issuer of his cert is: Organization - U.S. Government,
organization unit - Department of Energy, Organization Unit - Los
Alamos National Laboratory
What is the "Common Name" of the certificate that signed his
certificate. You have to double click on the certificate and look
down the list of information. First is Subject Name, then Issuer
Name, inside that I find Common Name, which is the name of the
certificate that signed that certificate. I don't expect their
certificates to display differently, however, they could be incomplete.
On top of that you should also find URL's in the certificate
information that permit you to get additional information, perhaps
even the signing certificate in the case where it was truly not
automatically included or auto downloaded by Keychain Access
(strictly speaking I don't know what put the signing certificates in
my keychain, I just know that when I find an untrusted certificate I
also find it's signing certificate once I know what I'm looking for).
You can also scroll down your certificate list by arrows and watch
for certificates that are not trusted, then determine what type of
certificate they are and what certificate signed them (the Common
Name not the understandable name).
Michael
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden