[Fed-Talk] CAC, keychains and identity preferences (UNCLASSIFIED)
- Subject: [Fed-Talk] CAC, keychains and identity preferences (UNCLASSIFIED)
- From: "Dunbar, Michael W Mr CTR USA USAMC USA" <email@hidden>
- Date: Fri, 04 Feb 2011 17:58:38 -0500
- Priority: normal
Classification: UNCLASSIFIED
iMac 2.8 GHz Intel Core 2 Duo // OS: 10.5.8 // browser: Firefox
I just got my new CAC today and for the first time ever, it shows up in Keychain Access (it's the Gemalto TOPDLGX4). My initial goal is to get it set up to be able to log on to AKO.
First, Keychain Access shows that the card has 4 certificates with 4 distinct keys attributed: Identity Private Key, Email Signing Private Key, Email Encryption Private Key and Piv Authentication Private Key.
The next step in the instructions from AKO has me "select the desired certificate," right-click and select "New Identity Preference." Then I am to enter the website I wish to enter. In my case it's the CAC login portal of AKO (https://www.akocac.us.army.mil/). Now, it's not entirely clear which certificate I am to attribute this site to. In the list of possible sites in my instructions, next to the URL is "DOD CAC-xx" in parentheses.
I go to "login," the next item under my CAC in the left sidebar and see the identity preference I just created, but there's a little red dot with an "x" in front. I double-click, a window pops up and in the "Preferred Certificate" drop-down menu it shows "not available." When I click on the drop-down menu, it shows 12 certificate choices. After reviewing the details of each, there are 6 email certificates and 6 non-email certificates. On a hunch, based on the "DOD CAC-xx" clue and the details of the certificates shown in that window, I chose one that listed its primary function as "login authentication."
When I attempted to log on to AKO via CAC, I was redirected to a page with a "Warning You do not have permission to access this resource" message. I should mention that the new card HAS been registered with AKO and login works within the virtualized Windows environment on the same machine.
Thoughts?
--
Michael Dunbar
Graphic Designer (L-3 MPRI)
supporting SEC-Lee TLD
804.734.7101 | email@hidden