Does anyone know if there is a good user oriented writeup on how X.509 certificates, Apple Mail, Address Book, Keychain, and Safari all work together?
Several individuals in our company, including myself, have obtained Thawte X.509 certificates so we can send FOUO information back and forth to our DoD, DHS and national lab (LLNL and LANL) contacts.
Some questions that come up where we can't find Apple Documentation:
How does all this work from the User perspective? Is there a good end user oriented document we could hand out to get people started?
As X.509 certificates expire, it would seem that you need to leave them in your keychain so you can go back and read old emails that are encrypted. Do Apple Mail and OS X work to pick the "right" certificate as encrypted mail builds up over the years?
Sometimes you need to move your certificate from the Keychain into a Windows XP environment. Does anyone know a successful way to do this? So if you have Windows XP running on your Mac under Parallels and you have installed a certificate from Thawte, how do you export the certificate from your Keychain in a format that is importable into Windows XP? We can generate certificates in XP and Outlook works just fine, but we haven't been able to move a certificate from OS X into Windows for users that use both OS X and Parallels/Windows XP on the same MacBook Pro machines.
Where is the certificate store for Windows XP? Is there something like Keychain where you can go look to see what certificates you have and view their characteristics?
Also, are other people having problems sending encrypted email to US Army email addresses where the receiver authenticates with their CAC card and uses their CAC card for decryption? It seems the Army is encoding the user's Exchange server email address on the CAC card, not their AKO email address. Many folks in the Army use their AKO email address and forward that to their Exchange email address. Since the AKO email address isn't on the CAC card, the receiver can't decrypt their email. Any thoughts on how to deal with this situation?
Regards,
Paul Derby
--
Paul Derby
IT Lead, BioWatch Systems Program Office
Department of Homeland Security
703-647-2745
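Added example, not part of Paul Derby's message: a POSIX shell script that walks through the Keychain-to-Windows export he asks about. The `security export` step only exists on macOS; everything else uses the OpenSSL command line so it can be tried on any system. It also prints the e-mail address the certificate is actually bound to, which is what a mail client matches against the recipient address when it encrypts, and is the root of the AKO-versus-Exchange address problem described above. The name, address, passphrase and file names are placeholders chosen for the example; the PKCS#12 cipher and MAC settings are forced because current OpenSSL defaults (AES with PBKDF2 and a SHA-256 MAC) produce bundles that Windows XP's CryptoAPI cannot import.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the OpenSSL CLI (1.1.1 or
# 3.x) is on PATH; the `security` tool exists only on macOS and is only used
# there. Names, addresses, file names and the passphrase are illustrative.
set -eu

# Step 1 (macOS only): dump every identity (certificate plus matching private
# key) in the default keychain to a PKCS#12 (.p12) file, the format the Windows
# Certificate Import Wizard reads. The -P passphrase protects the private key in
# transit; the wizard asks for it again on the Windows side.
export_keychain_identities() {   # $1 = output .p12 path, $2 = passphrase
    command -v security >/dev/null 2>&1 || {
        echo "security(1) not found; run this step on macOS" >&2
        return 2
    }
    security export -t identities -f pkcs12 -P "$2" -o "$1"
}

# Step 2 (any OS): build a throwaway S/MIME identity and package it the way an
# XP-era tool would. PBE-SHA1-3DES for both the key and certificate bags plus a
# SHA-1 MAC is the combination Windows XP understands; OpenSSL's modern defaults
# (AES-256, PBKDF2, SHA-256 MAC) are rejected by its import wizard.
make_xp_compatible_p12() {       # $1 = work directory, $2 = passphrase
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
        -subj "/CN=Paul Derby/O=Example Agency" \
        -addext "subjectAltName=email:paul.derby@example.mil" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name "Paul Derby (S/MIME)" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -passout "pass:$2" -out "$1/identity.p12"
}

# Step 3: read the bundle back and print the rfc822Name the certificate is
# bound to. An S/MIME client selects the recipient certificate by matching the
# address on the outgoing message against this value, so a message sent to an
# address that is not in the certificate cannot be encrypted to that key.
p12_email_address() {            # $1 = .p12 file, $2 = passphrase
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -email
}

if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    make_xp_compatible_p12 "$work" "transfer-passphrase"
    echo "Certificate e-mail: $(p12_email_address "$work/identity.p12" "transfer-passphrase")"
    echo "Bundle ready for import: $work/identity.p12"
fi
```

Run the script with `--demo` to build the test identity and print the address it carries. On the Windows XP side the resulting .p12 is imported by double-clicking it (the Certificate Import Wizard), and the store itself is browsed with `certmgr.msc` under Personal > Certificates, where each certificate's subject, e-mail address and validity dates can be inspected; that is the closest XP equivalent to Keychain Access.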