[Fed-Talk] Certificate Rejected on Air Force Portal
[Fed-Talk] Certificate Rejected on Air Force Portal
- Subject: [Fed-Talk] Certificate Rejected on Air Force Portal
- From: Paul & Mandy Birch <email@hidden>
- Date: Thu, 08 Jan 2009 22:02:30 -0600
- Thread-topic: Certificate Rejected on Air Force Portal
Does anyone have insight on accessing the AF portal? My CAC reader is
working. It shows up properly in Keychain Access with valid certificates,
the pcsctest works fine, and I can even access my Air Force webmail with the
CAC, but I'm still stumped with the AF portal.
When I go to the site, I'm prompted:
"Safari wants to use the CAC-2050... Keychain. Please enter the keychain
password."
I enter my password (my CAC PIN) and then get this error:
"The website rso.my.af.mil did not accept the certificate"
Followed by a menu prompting me to choose my proper certificate (a DOD CA-16
for identity & two DOD EMAIL CA-19s for encrypting/signing e-mail).
The error repeats itself no matter which certificate I choose. After three
attempts my CAC card becomes blocked and I have to wait in line a couple of
hours at the personnel office to get it unblocked, so experimenting too much
isn't an option.
I can set the identity preference to any three of my CAC certificates in
keychain with the same results.
I have these three identity preference addresses for the AF portal:
https://rso.my.af.mil/EAI_JUNCTION/eai/auth
https://rso.my.af.mil/faf/FAF/fafHome.jsp
https://rso.my.af.mil
These address seems to be trying to authenticate. The other addresses simply
gave me the "CAC Authentication Error" saying "You may have pressed the
Cancel button in your browser's certificate selection prompt..."
A few more details:
PPC G5 (2.2)
OS X 10.5.6
Safari 3.2.1
Smart Card Reader: OMNIKEY 3121 v3.02
Smart Card: Oberthur V5.2
The CAC works fine to access the AF portal on my PC, so it's not the card
itself.
BTW, I've also tried accessing the AF portal via my Intel MacBook, OS X
10.5.6, with the SCR331 reader (v5.25). I get this error instead:
"Client certificate rejected NSURUErrorDomain:-1205"
Again, the card shows up in keychain access, pcsctest works, and webmail
access is fine.
Do I need to add a different identity preference web address? Any other
ideas?
Thank you,
Mandy
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden