[Fed-Talk] CAC encryption support
- Subject: [Fed-Talk] CAC encryption support
- From: Gregory Adair <email@hidden>
- Date: Sun, 27 Nov 2011 20:17:14 -0800
Fellow Fed-Talkers,
So I'm almost at my wits' end regarding this PKI nonsense I am experiencing. Back when I had 10.5.x, I was completely happy with signing and encrypting emails. In 10.6 I lost the ability, but was ok because I had an NMCI account to support anything that needed signing/encrypting. Now, I've left my embedded assignment and with it my NMCI account.
I have just recently purchased a new MBP with 10.7 and read all about the CAC support issues, so I brought over my CAC* files and dropped them in /System/Library/Security/tokend after I performed a Time Machine transfer from my 10.6 MBP. After a restart, voilà, I was able to see my CAC and it appeared initially that I'd be able to sign and encrypt messages. At first, when I selected new mail, the lock greyed out and the digitally sign check mark was enabled, so I thought that once I added a name to the to: line it would give me the option. However, once I tried someone whose public cert I have and have verified, the lock never enabled, but I was able to send with my digital signature.
Another time, I started mail, and quickly created a new message, put the same name in the to: line and before the lock greyed out, I clicked the lock but received an error stating that I couldn't encrypt because I didn't have the sender's public certificate, which was weird, because their cert in my keychain matched the one in the email that was just sent to me during testing and both were valid.
I've read lots of older how-to's on enabling the CAC from clearing the token cache, to adding the certs to the login keychain. I've even tried using Thursby's PKard, but nothing works.
There is one strange thing though, when I click on the lock on the top menu bar to open keychain access, I noticed today that there were about 30 unlock crlcache entries in the drop down window. Never noticed them before in the older OS's. May be a separate issue.
If anyone has any suggestions, feel free to email me directly or post up to the list. Thank you.
-Greg
________________
Gregory Adair
JCDX Project Execution Lead
SPAWAR Systems Center Pacific
E-mail: email@hidden
tel: (619) 553-4072
cell: (619) 206-4877
fax: (619) 553-4063