This looks like something Apple could add to the Keychain Access program, maybe “Preferences->General->Clear Smartcard Cache”
Any progress on getting the developers to allow wildcards in the URLs for ID Prefs? Adding multiple URLs for the same base site is really getting irritating and is frustrating our users to no end. Most have switched to Firefox because Apple's native approach is so cumbersome that it's not worth using Safari.
It would be great if you could do the following:
http://*.mysite.mil/sites/* -- in this example all hosts within that domain and all URLs starting with /sites would automatically be sent whatever the selected certificate is if TLS is enabled.
As an official followup, I will restate here to avoid some confusion
conveyed in the other responses:
The first time a Smart Card is _seen_ in Mac OS X, we perform the
1) Create and maintain a Cache directory
This directory is solely for the purpose of expediting the processing
of information from a Smart Card. Since accessing / retrieving the
certificates from the card via the slow card interface can take
more time than we all would like, Mac OS X caches that
information for much faster access.
The Cache directory is located at the following location:
<cardtype> Reference to the matching smart card Tokend
identifier i.e. cac, piv, ....
<CARDTYPE> Reference to the matching smart card spec
identifier i.e. CAC, PIV, ....
<CardIdent> The Smart Card's 20 character (alpha-numeric)
Sample complete path would look like:
Directories and contents stored inside the directory are as follows:
And files stored are copies of the certificates:
0-Email Encryption Certificate
0-Email Signing Certificate
Text file containing the "Name" as it appears in the Keychain List.
This defaults to: <CARDTYPE>-<CardIdent> (like the dir above)
You can change this text if you would like and have sudo privs
This is an Index into CDSA (CSSM DL DB)
This is a "working" directory :-)
2) Clearing the Cache directory
So if I were to issue the command:
sudo rm -r /var/db/TokenCache/tokens/
It would wipe out the cache related to that specific card, but it
will be automatically re-created when I re-insert the card.
Just pull the card prior to issuing the above command and then
re-insert the card afterwards.
Clearing the complete directory would not cause any harm:
sudo rm -rf /var/db/TokenCache/tokens/
The "tokens" directory will be re-created on next card insertion as
well. This would help you avoid having to use a wild-card style
By removing the card directory(ies), it would mean that if you did any
manual modification to say the "PrintName" that you would need to just
repeat the modification. Some folks have changed the PrintName to
reflect personal naming conventions preferences -- i.e. "Shawn Test
CAC". Be very careful on length and characters used.
Fed-talk mailing list (email@hidden)
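The followup above notes that clearing the cache discards any manual change to the "PrintName" text. As an added example (not part of the original thread and not Apple's tooling), these shell functions save each card's name, clear the cache, and put the names back once the card directories have been re-created. It assumes each card directory sits directly under the tokens directory and that the text file is named `PrintName`; the function names are hypothetical.

```shell
# Added example. Assumptions (not stated in the post): every card directory
# sits directly under the tokens directory and holds a text file "PrintName".
# Run as root against /var/db/TokenCache/tokens, with the card pulled.

# save_printnames ROOT BACKUP_DIR -> prints the number of names saved
save_printnames() {
    root=$1; backup=$2; saved=0
    [ -d "$root" ] || { echo 0; return 0; }
    mkdir -p "$backup" || return 1
    for dir in "$root"/*/; do
        [ -f "${dir}PrintName" ] || continue      # no name file, or no match
        name=$(basename "$dir")
        cp -p "${dir}PrintName" "$backup/$name.PrintName" || return 1
        saved=$((saved + 1))
    done
    echo "$saved"
}

# clear_token_cache ROOT
# Removes the whole tokens directory, as in the post; it is re-created on the
# next card insertion. Refuses any path whose last component is not "tokens",
# so an empty or mistyped variable cannot widen the rm -rf.
clear_token_cache() {
    root=${1%/}
    case "$root" in
        */tokens) ;;
        *) echo "refusing to remove '$root'" >&2; return 2 ;;
    esac
    [ -d "$root" ] || return 0                    # already clear
    rm -rf -- "$root"
}

# restore_printnames ROOT BACKUP_DIR -> prints the number of names restored
# Run after re-inserting the card, once its directory exists again.
restore_printnames() {
    root=$1; backup=$2; restored=0
    for file in "$backup"/*.PrintName; do
        [ -f "$file" ] || continue
        name=$(basename "$file" .PrintName)
        [ -d "$root/$name" ] || continue          # card not re-inserted yet
        cp -p "$file" "$root/$name/PrintName" || return 1
        restored=$((restored + 1))
    done
    echo "$restored"
}
```

Saved names are copied back verbatim, so the post's caution about length and characters applies to whatever was in the file before the clear.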