Re: [Fed-Talk] Create ID Preference for CAC Card
Re: [Fed-Talk] Create ID Preference for CAC Card
- Subject: Re: [Fed-Talk] Create ID Preference for CAC Card
- From: Paul Nelson <email@hidden>
- Date: Sat, 23 Aug 2008 12:21:37 -0500
- Thread-topic: [Fed-Talk] Create ID Preference for CAC Card
Open the Keychain Access utility (/Applications/Utilities)
Locate your CAC certificates. You may need to click the button in the lower
left corner of the window to show your keychains in the left pane.
Choose the certificate you need for authentication and control click it.
There is a menu item "New Identity Preference..." Choose this and type in
the url, or at least the beginning of it (http://host).
I like to keep the keychain utility icon in my menu bar. You can put it
there using Keychain Access preferences.
Paul Nelson
Thursby Software Systems, Inc.
> From: "John C. McDermon" <email@hidden>
> Reply-To: <email@hidden>
> Date: Fri, 22 Aug 2008 20:10:40 -0600 (MDT)
> To: Apple Fed Talk <email@hidden>
> Subject: [Fed-Talk] Create ID Preference for CAC Card
>
> Mac OS X 10.5.4
> I've got the root certs installed
> I've got the SCR331 reader working
> I can "see" the certs and keys in the Keychain Access
>
> In both Safari and Firefox3 when trying to access the Air Force portal I
> get the error:
>
> CAC Authentication Error
> You may have pressed the "Cancel" button in your browser's certificate
> selection prompt. If you're trying to authenticate with your CAC, please
> close all open browser windows and try again. Otherwise, press the
> browser's back button to return to your previous page.
>
> Everything I've read and heard says I need to create an ID Preference for
> the AF portal telling it which cert to use. This makes sense, since the
> portal is still allowing username/password logins. But I can't figure out
> exactly how to do that. I even found Shawn's 10.4 Applescript
> "SetIdentityPreference" that's supposed to create such a thing, but either
> I'm running it wrong or it won't work in 10.5.4. I get the dialog box, but
> then the script exits with no noticeable difference in my Keychain.
>
> I've searched the archives and found a post saying they had to create the
> ID Prefence in "My Certificates" with the CAC Keychain selected.
>
> All well and good, but I still can't figure out how to actually create
> something called an identity preference.
>
> Help will be appreciated and posted.
>
> Thanks!
> -- John
> John McDermon, LTC USAFR
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden