[Fed-Talk] RE: Getting DoD root certificates
- Subject: [Fed-Talk] RE: Getting DoD root certificates
- From: "Yannuzzi, Mark J Civ USAF AFRL/RYDX" <email@hidden>
- Date: Wed, 16 Apr 2008 16:30:20 -0400
- Thread-topic: Getting DoD root certificates
Jim:
You will most likely need to get the “AF Medium Assurance Root CA”, and the Intermediate CAs that correspond to your MAJCOM for servers/Active Directory Domain Controllers; they will most likely be named “USAF <MAJCOM> Med CA-1”, etc., where <MAJCOM> is the MAJCOM symbol, for example AFMC. The easiest way is to log on to a Windows machine where you are located and use the control panel:
- Internet Options->Content->Certificates Tab->Certificates Button->Trusted Root Certification Authorities
to export the “AF Medium Assurance Root CA” as Base-64 encoded X.509 (.CER) or as PKCS#7 (.P7B).
- Internet Options->Content->Certificates Tab->Certificates Button->Intermediate Certification Authorities
to export the “USAF <MAJCOM> Med CA-#” certificate(s) as Base-64 encoded X.509 (.CER) or as PKCS#7 (.P7B).
Then import them into Keychain Access. Depending on whether you are using Tiger or Leopard, where they go varies. Also, depending on what e-mail client you are using, where “AF Medium Assurance Root CA” is placed will vary.
For example, IF you are using Entourage 2004 under Leopard, in addition to importing the AF root cert into your System Keychain (for Safari to access your intranet sites on your base, etc.), you also MUST import it into the “old/deprecated/unused/antique” /System/Library/Keychains/X509Anchors, BUT if you use Keychain Access to “share” it, MAKE SURE YOU UNSHARE, i.e., delete it from the Keychain List dialog box, AFTER importing it. If it is not located here, Entourage will not find it and won’t be able to establish a secure (SSL) connection to the LDAP GAL server. In fact, Entourage 2004 ONLY looks in the X509Anchors keychain for Root Certs, as far as I can tell.
I put the USAF <MAJCOM> Med CA-# certs in the /System/Library/Keychains/SystemCACertificates.keychain after adding it via the “Keychain List” dialog and sharing it.
Mark
--
Mark Yannuzzi
Research Engineer
Sensors Directorate, Exploratory Electronics
Air Force Research Laboratory
(937) 255-1874 x3458 : Phone
(937) 255-8656 : Fax
email@hidden
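
Added example (not part of the original message): since the message puts the root and the intermediate certificates in different keychains, this sketch sorts a Base-64 encoded X.509 (.CER) export into "root" or "intermediate" by comparing the issuer and subject names before import. The function names are hypothetical, the sample certificates are constructed skeletons with no key or signature, .P7B exports are not handled, and issuer == subject only shows the certificate is self-issued; its signature is not verified.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def pem_to_der(text):
    """Decode a Base-64 encoded X.509 (.CER) export to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    if not m:
        raise ValueError("not a Base-64 X.509 export (binary DER or .P7B?)")
    return base64.b64decode("".join(m.group(1).split()))

def classify(text):
    """Return 'root' when issuer == subject (self-issued), else 'intermediate'."""
    der = pem_to_der(text)
    _, pos, _ = read_tlv(der, 0)           # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)       # tbsCertificate SEQUENCE
    fields = []
    while pos < end:                       # collect the raw top-level TBS fields
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields and fields[0][0] == 0xA0:    # optional explicit [0] version
        fields.pop(0)
    if len(fields) < 5:                    # serial, sigAlg, issuer, validity, subject
        raise ValueError("not an X.509 certificate")
    return "root" if fields[2][1] == fields[4][1] else "intermediate"

def _tlv(tag, body):                       # short-form lengths only (samples are small)
    return bytes([tag, len(body)]) + body

def sample_cer(issuer_cn, subject_cn):
    """Constructed skeleton certificate (names only) for offline testing."""
    def name(cn):                          # Name with a single CN (OID 2.5.4.3)
        return _tlv(0x30, _tlv(0x31, _tlv(0x30, bytes.fromhex("0603550403") + _tlv(0x13, cn.encode()))))
    tbs = _tlv(0x30, bytes.fromhex("a003020102" "020101" "3000") + name(issuer_cn) + b"\x30\x00" + name(subject_cn))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(_tlv(0x30, tbs)).decode() + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":                 # constructed sample names
    for issuer, subject in [("AF Medium Assurance Root CA",) * 2,
                            ("AF Medium Assurance Root CA", "USAF AFMC Med CA-1")]:
        print(subject, "->", classify(sample_cer(issuer, subject)))
```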