Re: [Fed-Talk] Leopard & CAC & now Mail - FIXED!
- Subject: Re: [Fed-Talk] Leopard & CAC & now Mail - FIXED!
- From: "Hare, Lawrence CTR USA USAMC" <email@hidden>
- Date: Mon, 7 Jan 2008 17:03:21 -0500
Well - it's all working, with my thanks to you all and to Dr. Paul
Derby who helped me figure it out. I fear when I chucked the old
KeyChain files I also chucked the DoD root certificates, and when I
installed the new certificates from my CAC those certificates did not
get carried over.
The easy way to figure this out was in Address Book. When you look up
a name for someone whose certificate you have received, there is a
little tick-mark in a tiny star (certificate) next to their email
address in their Address Book entry. If you left click on the star you
get a whole bunch of information about the certificate. At the top of
that window is the certificate chain which should lead back to the
root certificate. When I looked at mine own entry in the Address Book
I saw I had a star, which told me that at least the certificate was
being seen, but when I looked at the chain, there was none! There was
just my certificate and nothing else. There are places on the web (via
Google and no doubt AKO, et al) where one can download the DoD Root
Certificate, or you can get it emailed as a .pem file, and then
install it. The .pem file is very useful, just double-click on it and
the certs are installed.
The final thing Paul had me do was create a new keychain named
"X509Anchors". I then highlighted my CAC keychain and in the Spotlight
box I entered "DoD". From the resultant list I copied the gold-colored
DoD Root Certificates into this new keychain.
Now when I look at my certificate in Address Book I see a three-level
hierarchy down to the DoD Root Certificate. And - also - Mail showed
me the encrypt and sign icons.
The other gotcha that burnt me before was that the email address in
the Mac had upper-case names whereas in the certificate they were
lower-case; as was pointed out here, the name must match both spelling
and case.
Oh - and I DID have to relaunch Mail!
And I am now a happy camper, although somewhat disturbed by the fact
that what I thought I knew - I didn't!
Thanks again and I hope this helps anyone else as mystified as I was -
er - am!
Lawrence