Re: [Fed-Talk] Problems with Keychain/AF WebMail/CAC
Re: [Fed-Talk] Problems with Keychain/AF WebMail/CAC
- Subject: Re: [Fed-Talk] Problems with Keychain/AF WebMail/CAC
- From: Mike Jackson <email@hidden>
- Date: Wed, 30 May 2007 16:06:39 -0400
On May 30, 2007, at 3:28 PM, Michael wrote:
On May 30, 2007, at 3:10 PM, Mike Jackson wrote:
Also I noticed that I can not find any of the DoD CAs on my
machine in the KeyChain.app. I reimported the X509 anchors and
nothing showed up. I wonder if in all the tinkering I have done I
have somehow deleted them..
I'm not following this thread closely but have you logged in as an
administrator on your machine, gone into Keychain Access, then
chosen Keychain List from the Edit menu, then switch "Show" to "Mac
OS X (System)" and then checked the boxes to share X509Anchors and
X509Certificates. On new machines you have to add them first,
navigate to /System/Library/Keychains and then check the boxes to
share them. You absolutely have to do this as an admin user.
That is the part I usually forget about when I setup a new user at
my place. Our needs are simple, just CAC enabled web site access
and OS X Mail signing and encrypting so this is the only thing we
need to do once we have a working CAC Card and Reader. One CAC
Reader just died on us for no reason, so if you are not seeing your
CAC keychain in Keychain access you have more basic problem.
Michael
Did all that as an admin user (my account is set to admin the
machine). I can always try it as "root" user...
I also just tried to log into https://www.my.af.mil/ with my CAC and
I get the error message in safari:
Safari can’t open the page “https://www.my.af.mil/faf/FAF/fafHome.jsp?
refURL=https://www.my.af.mil/faf/FAF/fafHome.jsp”. The error was:
“client certificate rejected” (NSURLErrorDomain:-1205) Please choose
Report Bug to Apple from the Safari menu, note the error number, and
describe what you did before you saw this message.
I have seen this a few times before when trying the OWA .. but after
a refresh I get the usual 401 or 403 http errors.
--
Mike Jackson Senior Research Engineer
Innovative Management & Technology Services
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden