Re: [Fed-Talk] Air Force Portal Run-down
Re: [Fed-Talk] Air Force Portal Run-down
- Subject: Re: [Fed-Talk] Air Force Portal Run-down
- From: Mark Yannuzzi <email@hidden>
- Date: Fri, 31 Jul 2009 11:11:05 -0400
- Thread-topic: [Fed-Talk] Air Force Portal Run-down
Title: Re: [Fed-Talk] Air Force Portal Run-down
Chris:
I used to have the Identity Preference for my Email Signing Certificate point to https://www.my.af.mil/EAI_JUNCTION/eai/ in order for Safari to work with my CAC. A couple of weeks ago I this stopped working and I had to delete it and use just the top-level https://www.my.af.mil/. This site a couple of others seem to be change from time to time (e.g., sometimes requiring the trailing “/”, other times not), which is frustrating. The trick is to be consistent in how you change your Identity Preference AND the link you use in Safari, which is not ALWAYS the same as the one your using for your Identity Preference. For example, in Keychain Access the Identity Preference for Webmail will be https://webmail.afmc.af.mil/ for your Email Signing Certificate, BUT in Safari (or Firefox) the address you must use in order for your CAC to be recognized MUST be https://webmail.afmc.af.mil/Exchange/, not just the root.
So, I find this routine works:
- After you try a website and it fails, copy the address.
- Empty Safari’s cache (Menu: Safari->Empty Cache...) BEFORE your quit.
- Quit Safari, open /Applications/Utilities/Keychain Access (its most convenient to set the “Show Status in Menu Bar” preference in Keychain Access’s Preferences... So you can open the app faster in the future.
- Put your CAC in the reader then select it in the Keychains List, then select “My Certificates” in the “Category” pane. This will organize your Certificates and Private Key into a hierarchical list, making it easier to find you Email Signing Certificate since all three have the same unhelpful names.
- Click the disclosure triangles so you can see the certificates associated private keys. Right-click on your Email Signing Certificate which is usually the second one in the list, and select “New Identity Preference...” and paste or type the site address, https://www.my.af.mil/, for example.
- Reopen Safari and make sure your CAC is in the reader BEFORE you go to the website. Then either type the sites address or use a Bookmarked site, don’t use the History items.
You should then get prompted for your PIN.
Mark
--
Mark Yannuzzi
AFRL
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden