Re: [Fed-Talk] CAC encryption support
- Subject: Re: [Fed-Talk] CAC encryption support
- From: Dave Schroeder <email@hidden>
- Date: Mon, 28 Nov 2011 05:57:27 -0600
Running Keychain First Aid (Keychain Access -> Keychain First Aid -> Repair) will clear up the duplicate crlcache issue that seems to present itself with PKard, and *may* help with other issues.
- Dave
On Nov 27, 2011, at 10:17 PM, Gregory Adair wrote:
> Fellow Fed-Talkers,
>
> So I'm almost at my wits' end regarding this PKI nonsense I am experiencing. Back when I had 10.5.x, I was completely happy with signing and encrypting emails. In 10.6 I lost the ability, but was OK because I had an NMCI account to support anything that needed signing/encrypting. Now, I've left my embedded assignment and with it my NMCI account.
>
> I have just recently purchased a new MBP with 10.7 and read all about the CAC support issues, so I brought over my CAC* files and dropped them in /System/Library/Security/tokend after I performed a Time Machine transfer from my 10.6 MBP. After a restart, voila, I was able to see my CAC and it appeared initially that I'd be able to sign and encrypt messages. At first, when I selected new mail, the lock greyed out and the digitally sign check mark was enabled, so I thought that once I add a name to the To: line it would give me the option. However, once I tried someone whose public cert I have and have verified, the lock never enabled, but I was able to send with my digital signature.
>
> Another time, I started mail, and quickly created a new message, put the same name in the to: line and before the lock greyed out, I clicked the lock but received an error stating that I couldn't encrypt because I didn't have the sender's public certificate, which was weird, because their cert in my keychain matched the one in the email that was just sent to me during testing and both were valid.
>
> I've read lots of older how-to's on enabling the CAC from clearing the token cache, to adding the certs to the login keychain. I've even tried using Thursby's PKard, but nothing works.
>
> There is one strange thing though, when I click on the lock on the top menu bar to open keychain access, I noticed today that there were about 30 unlock crlcache entries in the drop down window. Never noticed them before in the older OS's. May be a separate issue.
>
> If anyone has any suggestions, feel free to email me directly or post up to the list. Thank you.
>
> -Greg
> ________________
> Gregory Adair
>
> JCDX Project Execution Lead
> SPAWAR Systems Center Pacific
> E-mail: email@hidden
> tel: (619) 553-4072
> cell: (619) 206-4877
> fax: (619) 553-4063