Re: [Fed-Talk] RE: NMCI OWA issue
Re: [Fed-Talk] RE: NMCI OWA issue
- Subject: Re: [Fed-Talk] RE: NMCI OWA issue
- From: Kerry Matthews <email@hidden>
- Date: Fri, 16 Oct 2009 10:11:57 -0500
Paul,
To send encrypted e-mail *to* someone, you need their public
encryption cert. If they have a CAC, then their cert should be
published in the DoD411 (https://dod411.gds.disa.mil), and if you have
a CAC you should be able to view that site. For the Mac, just lookup
the other user's cert on DoD411 and import the "Netscape" type
certificate - it's just a plain certificate file you can import into
your login keychain.
Another thing is that you must send e-mails that you want encrypted to
the *exact* e-mail address listed on the other user's cert (e.g. email@hidden
and not email@hidden). If you open up their cert in
Keychain Access, yours is "email@hidden."
Thanks,
Kerry Matthews | email@hidden
Information Systems Security Manager
CSC @ Alabama Supercomputer Program
On Oct 16, 2009, at 10:04 AM, Evans, Paul CIV NAVAIR Bldg 1463 wrote:
After more testing. It seems that I cannot encrypt email to
anyone. I'm
not an encryption expert, but my guess is that the email is not being
encrypted with the proper cert. Does anyone know of a good way to
troubleshoot this?
pe
On 10/14/09 5:13 PM, "Timothy J. Miller" <email@hidden> wrote:
Alternatively, the recipients should go recover their old encryption
keys using Automated Email Encryption Key Recovery service
(https://ara-1.c3pki.chamb.disa.mil/ara/Key) the because
(1) this is probably the problem, and
(2) yours is not the only email they'll have trouble with, just the
only
one they've noticed so far.
-- Tim
GARITY, TOM wrote:
One thing that can cause this is if the user has replaced their CAC.
The certificates from their old CAC are being used to encrypt the
email. You need to clear the old certificate out of their
contact, have
them send you a digitally signed email to get their new cert, and
then
update the contact entry with the new certificate.
That is not to say a CAC change-out is the only issue, but it is
definitely one cause.
*TOM GARITY*
Mobile +1 619.726.2216
Desk +1 619.817.3536
*From:* fed-talk-bounces+tom.garity=email@hidden
[mailto:fed-talk-bounces+tom.garity=email@hidden] *On
Behalf
Of *Paul Evans
*Sent:* Wednesday, October 14, 2009 12:55 PM
*To:* email@hidden
*Subject:* [Fed-Talk] NMCI OWA issue
I¹ve been happily using Entourage 2008 to access my NMCI email for
a few
months now with no CAC issues. Lately, though, some encrypted
emails
that I sent have been unable to be opened by the recipients. The
NMCI
users get the following error.
³Can¹t open this item. Your Digital ID name can not be found by the
underlying security system.²
The certs for the recipients listed in my contact list look correct.
The NMCI help desk says it¹s not their problem.
Has anyone else seen this and does anyone know what the issue
might be?
Thanks,
pe
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden