RE: [Fed-Talk] JITC CAC card gets " An untrusted certificate authority was detected while processing the smart card certificate used for authentication" login error...
- Subject: RE: [Fed-Talk] JITC CAC card gets " An untrusted certificate authority was detected while processing the smart card certificate used for authentication" login error...
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 7 Apr 2010 15:20:01 -0400
It would be surprising to me if Win7 changed the wording or conditions significantly, as they were nearly exactly the same between XP and Vista.
-- Tim
>-----Original Message-----
>From: Paul Kwan [mailto:email@hidden]
>Sent: Tuesday, April 06, 2010 5:02 PM
>To: Miller, Timothy J.
>Cc: Apple FED-TALK
>Subject: Re: [Fed-Talk] JITC CAC card gets " An untrusted certificate
>authority was detected while processing the smart card certificate used
>for authentication" login error...
>
>Hi Tim,
>
> The error message is coming from a Windows 7 smart card login.
>Thanks.
>
>PSK
>
>On 4/6/10 2:46 PM, "Miller, Timothy J." <email@hidden> wrote:
>
>
>
> Was the client Vista or XP? There are slight differences in error
>text presented for different error conditions on both versions. And are
>you 100% positive that was the exact error text? There are multiple
>messages that are similar, and the specific message matters.
>
> I recently did a near-exhaustive record of all the different error
>conditions for PKINIT with Win2k3/XP and Win2k8R2/Vista and noted the
>event log, console message, and Kerberos error returned for each case.
>That particular verbiage ("An untrusted certificate authority was
>detected") only occurs when there's a broken trust issue at the DC
>(missing root or missing issuer).
>
> -- Tim
>
>
> >-----Original Message-----
> >From: Paul Kwan [mailto:email@hidden]
> >Sent: Tuesday, April 06, 2010 4:33 PM
> >To: Miller, Timothy J.; Apple FED-TALK
> >Cc: Louie Boczek; Keith Moreau; Paul Moore; David McNeely
> >Subject: Re: [Fed-Talk] JITC CAC card gets " An untrusted certificate
> >authority was detected while processing the smart card certificate used
> >for authentication" login error...
> >
> >Hi Tim,
> >
> > I double checked all 3 certificates on our DC and they are all valid
> >and under the "Trusted Root Certification Authorities" and "Intermediate
> >Certification Authorities" tabs:
> >
> > Thanks.
> >
> >PSK
> >
> >On 4/6/10 1:33 PM, "Miller, Timothy J." <email@hidden> wrote:
> >
> >
> >
> > That specific message only appears on Vista when the *DC* doesn't
> >trust the root CA the logon certificate chains to, or the DC doesn't
> >trust the issuer the chain passes through. In this case, that's the
> >JITC root CA or OM 20 or OM Email 20. Check trust on the DC, fix it,
> >and continue. :)
> >
> > -- Tim
> >
> >
> > >-----Original Message-----
> > >From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of Paul Kwan
> > >Sent: Tuesday, April 06, 2010 8:18 AM
> > >To: Apple FED-TALK
> > >Cc: Louie Boczek; Keith Moreau; Paul Moore; David McNeely
> > >Subject: [Fed-Talk] JITC CAC card gets " An untrusted certificate
> > >authority was detected while processing the smart card certificate used
> > >for authentication" login error...
> > >
> > >Hi All,
> > >
> > > I have a test JITC CAC card that worked on Mac and Windows workstation
> > >since May last year. Now I got the following error when trying to login
> > >again:
> > >
> > > 1) From the Windows login screen, it pops up this error message:
> > >
> > >The system could not log you on. An untrusted certificate authority was
> > >detected while processing the smart card certificate used for
> > >authentication
> > >
> > > 2) On the Mac, secure.log shows a similar error message complaining about
> > >"An untrusted CA..."
> > >
> > > The JITC CAC card is valid until next year. And the DoD certs on AD
> > >are also valid:
> > >
> > > 2.1) "DOD OM CA-20": Valid from 8/3/2007 to 8/1/2013
> > > 2.2) "DOD OM EMAIL CA-20": Valid from 8/2/2007 to 4/1/2013
> > > 2.3) "DoD JITC Root CA 2": Valid from 7/14/2005 to 7/2/2030
> > >
> > > 3) I can access and download the CRL files without any problem:
> > >
> > > 3.1) http://crl.nit.disa.mil/getcrl?DoD JITC Root CA 2
> > > 3.2) http://crl.nit.disa.mil/getcrl?DOD OM CA-20
> > > 3.3) http://crl.nit.disa.mil/getcrl?DOD OM EMAIL CA-20
> > >
> > > Does anybody out there see a similar problem? How can I fix this
> > >so that my test JITC CAC card works again? Thanks for the help in
> > >advance.
> > >
> > >PSK
> >
> >
>
>
>
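
Added example, not part of the original thread: a PowerShell check, run on the domain controller itself, for the two conditions named above (missing root or missing issuer). The certificate path is an assumption (the logon certificate exported from the card to a .cer file), and the script only tests chain building against the machine stores.

```powershell
# Assumed input: the smart card logon certificate exported to a file on the DC.
param([string]$CertPath = 'C:\temp\logon-cert.cer')

$X509 = 'System.Security.Cryptography.X509Certificates'
$Flag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]

$cert = New-Object "$X509.X509Certificate2" ($CertPath)

# $true = build with the machine context, so the result reflects the DC's
# stores and not those of the administrator running the script.
$chain = New-Object "$X509.X509Chain" ($true)
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$built = $chain.Build($cert)

# Per-certificate view: which machine store holds it, and its own status flags.
$root = Get-ChildItem Cert:\LocalMachine\Root   # Trusted Root Certification Authorities
$ca   = Get-ChildItem Cert:\LocalMachine\CA     # Intermediate Certification Authorities
foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    [pscustomobject]@{
        Subject       = $c.GetNameInfo('SimpleName', $false)
        NotAfter      = $c.NotAfter
        InMachineRoot = [bool]($root | Where-Object { $_.Thumbprint -eq $c.Thumbprint })
        InMachineCA   = [bool]($ca   | Where-Object { $_.Thumbprint -eq $c.Thumbprint })
        Status        = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    }
}

# Map the overall chain status onto the two cases from the thread.
$status = @($chain.ChainStatus | ForEach-Object { $_.Status })
if ($built) {
    'Chain builds and is trusted in the machine context.'
} elseif ($status -contains $Flag::PartialChain) {
    'Missing issuer: an intermediate CA certificate could not be found.'
} elseif ($status -contains $Flag::UntrustedRoot) {
    'Missing root: the chain ends at a root not in the machine Root store.'
} else {
    'Chain failed for another reason: ' + ($status -join ',')
}
```

Windows may download a missing intermediate from the certificate's AIA URL during the build, so a row showing `InMachineCA = False` next to a successful build means the issuer was fetched, not installed.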