Re: [Fed-Talk] CAC, AKO. Firefox, and Safari
Re: [Fed-Talk] CAC, AKO. Firefox, and Safari
- Subject: Re: [Fed-Talk] CAC, AKO. Firefox, and Safari
- From: "Timothy J. Miller" <email@hidden>
- Date: Wed, 11 Jul 2007 16:24:55 -0500
Run
sudo pcsctool
With the CAC in the reader, and select "commonAccessCard.bundle".
-- Tim
On Jul 11, 2007, at 4:18 PM, Trent Townsend wrote:
Classification: UNCLASSIFIED
I finally had to remove the Firefox directory under ~/Library/
Application Support to get it to start working again. I tried
installing it one more time... it said it didn't import the
certificates but it did. However, it still would not properly log
in via CAC to enabled websites. Oh well, at least Safari works.
Thanks.
--------------
Trent Townsend
ERDC Major Shared Resource Center
Email: email@hidden
Office: 601.634.4051
Cell: 601.631.1879
Fax: 601.634.2774
http://www.erdc.hpc.mil
Classification: UNCLASSIFIED
On Jul 11, 2007, at 3:52 PM, Zimmerman, Lee SPAWAR wrote:
Trent,
I was having similar problems - Firefox would launch but then lock
up (application race condition) or crash when I tried to connect
to any site that needed a CAC card. So, naturally when I went to
test it today it's working. It may just be that I finally got the
extension(s) that were causing problems fully uninstalled. Since I
had successfully imported the DoD certs, I didn't need the DoD
extension anymore. I also uninstalled the DOM Explorer extension
last time Firefox crashed (so now it's down to just Talkback). I
think because Firefox kept crashing I was having a hard time
getting through the restart cycle to actually complete the
uninstalls. Or it could just be it's having a good day and
tomorrow it will be back to crashing.
Here's another interesting issue - I can connect to the Navy NMCI
Outlook web access (OWA) all the time from outside of my base's
local network, but when I try to connect from inside about half
the time OWA acts like I don't have a CAC certificate (the OWA
server returns an error that I need to present a valid
certificate). Sometimes I can connect to another site that uses
the CAC card and once I've unlocked the CAC (by entering the CAC
password when asked), I can often connect to OWA - but even that's
not 100%. There have been times when I've been connected to our
Command portal in one tab (using the CAC access) and still getting
rejected by NMCI OWA in another tab. Is anyone else having
problems with Safari being inconsistent with connections to CAC-
enabled web sites?
Between Firefox and Safari it got so bad I was using Internet
Explorer under Parallels to access OWA - that worked all the time.
Lee Z.
Classification: UNCLASSIFIED
I just got a new MacBook Pro and decided to try the extension
listed below. However, none of the certs were imported and
nothing seemed to take effect. So I decided to remove the
extension. Now firefox crashes when I launch it only when my CAC
is in the reader. When its not in the reader, it works fine.
Anyone seen this?
Thanks.
--------------
Trent Townsend
ERDC Major Shared Resource Center
Email: email@hidden
Office: 601.634.4051
Cell: 601.631.1879
Fax: 601.634.2774
http://www.erdc.hpc.mil
Classification: UNCLASSIFIED
On Jun 12, 2007, at 9:49 AM, Emery, David G Capt MIL USAF AFSOC/
A6OE wrote:
Jeff, you may want to give the DoD Configuration extension
a shot for
Firefox. It worked like a charm for me after Tim pointed
my in the
correct direction. Remove any DoD root certs for Firefox,
connect your
CAC reader, and then install the extension. It grabs the
root certs and
installs the pkcs#11 module. Once successful, close
Firefox, insert
your CAC, and start Firefox. You "should" be good to go.
Dave
-----Original Message-----
From: fed-talk-bounces
+david.emery=email@hidden
[mailto:fed-talk-bounces
+david.emery=email@hidden] On
Behalf Of Jeffrey Cox
Sent: Tuesday, June 12, 2007 9:21 AM
To: Timothy J. Miller
Cc: email@hidden
Subject: Re: [Fed-Talk] CAC, AKO. Firefox, and Safari
Greetings:
I don't have any certificates in "my certificates" but I
have the web
pages saved in web sites. I have attempted to reload
pkcs11 but have
been unable to load module. I get a 70 letter code when I
select
pkcs11 [Application Support/Mozilla/pkcs.11.shib].
How do I get pkcs11 in SmartCard Services?
Jeff
On 6/12/07, Timothy J. Miller <email@hidden> wrote:
> On Jun 12, 2007, at 7:15 AM, Jeffrey Cox wrote:
>
> > Regarding if Firefox will load into other PKI-
authentication
> > required sites, I have not been able to utilize my CAC
card in any
> > of the sites. Should I use Safari? I really want to
use Firefox, but
> > I am frustrated.
>
> Then the problem is FF, not something peculiar with the
site.
>
> Can you see your CAC certs in FF when you go to Tools |
Options |
> Advanced | Encryption and open the certificate store?
FF should
> prompt you for your PIN when you do this. If it doesn't
and you don't
> see your certs, then the PKCS#11 module likely didn't
install
> correctly; unload it if it's present, close and reopen
the Security
> Devices dialog, and re-load it. The path is:
>
> /usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle/
Contents/MacOS/
> pkcs11
>
> -- Tim
>
--
Jeffrey M. Cox
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@hurlburt.a
f.mil
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden