Re: [Fed-Talk] CLEARING CERTIFICATE CACHE (OR WHATEVER)
- Subject: Re: [Fed-Talk] CLEARING CERTIFICATE CACHE (OR WHATEVER)
- From: "Blaine, Chris CIV SPAWAR SSC PAC, 53232" <email@hidden>
- Date: Wed, 28 Jan 2009 08:56:30 -0500
- Thread-topic: [Fed-Talk] CLEARING CERTIFICATE CACHE (OR WHATEVER)
I had the same problem, and finally found a posting in another Apple forum,
Apple-cdsa (http://lists.apple.com/archives/apple-cdsa/2008/May/msg00003.html),
which gave me the answer.
The answer comes in the last paragraph...
Meanwhile, take a look at /var/db/TokenCache/tokens. There is one directory
in there for each card the system remembers having seen before, named by
whatever identifier the Tokend has assigned the card (the form is token
identifier:card identifier). Remove the card and blow away that directory,
and when you re-insert the card you should get the new contents (because you
removed the place where the Tokend would store its cached data). Note that
if you do this, the system will also think your card is new (never before
seen).
There is a cached copy of my previous tokens. Deleting the referenced
directories, as below, resolved my issue and allowed the new certificates to
be populated into keychain.
sudo rm -r com.apple.tokend.cac:CAC-XXXX-XXXX-XXXX-XXXX
--
Thanks
Chris Blaine
Senior Network Engineer
Network Security Officer
C4I Programs
700 Robbins St, Bldg 2A
Philadelphia, PA 19111
> From: Mark Bienz <email@hidden>
> Date: Wed, 28 Jan 2009 07:59:10 -0500
> To: Talk Apple <email@hidden>
> Subject: [Fed-Talk] CLEARING CERTIFICATE CACHE (OR WHATEVER)
>
> Had my signature and encryption certificates updated with a new
> e-mail address and could not figure out why I could not sign mail.
> Just discovered that the Keychain view of the certificates from the
> CAC Reader are still showing the older CA-16 certificates with my old
> e-mail address, etc. I know the certificates have been changed
> because when I view the certificates on a "blah" Windows system I see
> the new CA-19 e-mail and encryption certificates. My identity
> certificate was unchanged so is still a CA-16 certificate and getting
> into Web Sites requiring that still functions.
>
> What do I have to do to force the system to pick up the new
> certificates from the CAC?
>
> Running 10.4.11.
>
> Mark
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
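The cache cleanup described in the reply above, as an added example that is not part of the original post or of any Apple tool. It assumes directory names follow the "token identifier:card identifier" form quoted in the reply; the function names and the TOKEN_CACHE variable are hypothetical.

```shell
#!/bin/sh
# Added example. TOKEN_CACHE defaults to the path named in the post;
# override it to rehearse on a scratch directory first.
TOKEN_CACHE="${TOKEN_CACHE:-/var/db/TokenCache/tokens}"

# Print "token-identifier<TAB>card-identifier" for every cached card.
list_tokens() {
    for dir in "$TOKEN_CACHE"/*:*; do
        [ -d "$dir" ] || continue
        name=${dir##*/}
        printf '%s\t%s\n' "${name%%:*}" "${name#*:}"
    done
}

# clear_tokens TOKEND [--apply]
# Dry run by default; with --apply, delete the cache directories of
# one Tokend only. Remove the card from the reader before running.
clear_tokens() {
    tokend=${1:-}; apply=${2:-}; count=0
    case $tokend in
        ''|*/*|*:*) echo "usage: clear_tokens TOKEND [--apply]" >&2; return 2 ;;
    esac
    for dir in "$TOKEN_CACHE/$tokend":*; do
        # Skip the unmatched glob and anything that is a symlink.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        if [ "$apply" = "--apply" ]; then
            rm -r -- "$dir" || return 1
            echo "removed $dir"
        else
            echo "would remove $dir"
        fi
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]   # non-zero status when nothing matched
}

# Command-line use: "list" or "clear TOKEND [--apply]".
case ${1:-} in
    list)  list_tokens ;;
    clear) shift; clear_tokens "$@" ;;
esac
```

Against the real cache path the delete needs root, as with the sudo rm in the reply. Other Tokends' cached cards are left in place, so only the re-issued card is treated as never before seen.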