Re: [Fed-Talk] CAC and Firefox 3
Re: [Fed-Talk] CAC and Firefox 3
- Subject: Re: [Fed-Talk] CAC and Firefox 3
- From: "Clayton E. Blackburn" <email@hidden>
- Date: Sun, 19 Oct 2008 22:57:24 -0400
- Organization: Fort McPherson Library
Blake,
You're probably right. The reason I'm having luck is that my CAC
is the GEMPLUS version. I won't get an Oberthur for a few more weeks.
Basically I'm just following instructions found on this list or
elsewhere. I don't pretend to understand what they mean.
My situation is probably different from yours in another way. My
Mac work is accomplished only at home thus my concern with all of this
is probably just a stubborn obsessive-compulsive activity. At work
everything is Windows. At home I run Parallels when I really need to
accomplish something with the CAC certificates.
It seems such a shame that a super-stable environment such as Mac
OS 10 can't yet compete with the incredibly unstable Windows in the
military enterprise arena. However, this may change. It's a hopeful
sign that Apple is at least making gestures and is hosting this list.
Best of luck; it'll be exciting to see what someone else posts
about Coolkey.
./clay
Blake Jordan wrote:
Thanks for reposting that Clay, that cleared up things
a little bit. However, it still didn't seem to work for me
unfortunately. Firefox successfully loaded the driver, but after
restarting Firefox, my certificates still don't show up in Firefox.
For a small bit of background on my situation, I'm using one of the
newer CAC's made by Oberthur, the 5.2 one giving so many people issues.
My reader is a common reflashed SCR331. My CAC wasn't even found by
Keychain until I ran Shawn Geddis' Smart Card Services Update 1.2.
After doing that, Keychain seems to see it fine, but still no success
with Firefox.
Do I need the egate driver like the Fedora page mentions for Coolkey?
Do I need to manually compile Coolkey against 10.5, or is the
precompiled binary still fine? Are there any other steps I could be
missing?
-Blake
On Fri, Oct 17, 2008 at 10:48 PM, Clayton E.
Blackburn <email@hidden>
wrote:
Following is part of the correspondence with David Mueller. I thought I
sent the reply to the list but it went only to David. Anyway, his
instructions worked for me.
You're welcome. I'm glad to hear it worked.
- David
-----Original Message-----
From: Clayton E. Blackburn [mailto:email@hidden]
Sent: Fri 10/10/2008 9:19 PM
To: Mueller, David S CIV SSC San Diego, 2872
Subject: Re: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support for third party OS X Applications...
David,
I've been following this thread with interest.
You've provided very helpful and specific line by line Unix
instructions. After following your directions I then opened the FireFox
Preferences, selected Advanced then Encryption and clicked the Security
Devices button and Load. Then pasted in
/usr/local/lib/pkcs11/libcoolkeypk11.dylib into the second blank in the
box. Success!
Thanks.
Clay
Clayton E. Blackburn
Fort McPherson Library
Atlanta, Georgia
Mueller, David S CIV SSC San Diego, 2872 wrote:
> I use the CoolKey package from the CoolKey site:
>
> http://directory.fedoraproject.org/wiki/BuildCoolKey#Pre_Built_Binary
>
> The following Terminal commands can be used to install it; I assume
> you've already used cd to change to the directory that the CoolKey
> package was downloaded to:
>
> $ sudo mkdir -p /usr/local/lib
> $ sudo mkdir -p /usr/local/include
> $ sudo mkdir -p /usr/local/bin
> $ unzip mac-coolkey-1.1.0.zip
> $ cd usr/local/CoolKey
> $ sudo cp -r lib/* /usr/local/lib/
> $ sudo cp -r include/* /usr/local/include/
> $ sudo cp -r bin/* /usr/local/bin/
>
> Once that is done, the path to Coolkey to use in Firefox and Adobe
> Reader is:
>
> /usr/local/lib/pkcs11/libcoolkeypk11.dylib
>
> Hope this helps,
>
> David
Timothy J. Miller wrote:
Blake
Jordan wrote:
/usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle/Contents/MacOS/pkcs11
This module is broken in 10.5. It crashes during C_Initialize. I
logged a bug with Apple months ago.
The only working PKCS#11 module for OS X is the Coolkey PKCS#11 module
from Red Hat.
-- Tim
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden