Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
- Subject: Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
- From: "Miller, Timothy J." <email@hidden>
- Date: Fri, 14 Mar 2014 13:05:18 +0000
- Thread-topic: [Fed-Talk] Encrypted Apple Mail w/ PIV
AD == GAL, for all intents and purposes, and has been since Exchange 2000. GAL is a canned search over AD data offered on a separate port.
If your internal PKI user post-issuance instructions do not include "Go back to your desk and do 'Publish to GAL' from Outlook on Windows" you *will* have these problems. :)
-- T
>-----Original Message-----
>From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-
>bounces+tmiller=email@hidden] On Behalf Of Rowe, Walter
>Sent: Thursday, March 13, 2014 3:32 PM
>To: Apple Fed-Talk List
>Subject: Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
>
>I didn't, but I do now. I also learned that we DON'T have PIV certs published in
>our AD. We have them in the GAL. I'm asking our AD team to populate a few
>in AD so I can test to see if this option in Keychain Preferences makes a
>difference. It would be great if it did!
>
>--
>Walter Rowe, Hosting Services
>Enterprise Systems / OISM
>Email: email@hidden
>Work: 301-975-2885
>
>On Mar 13, 2014, at 3:34 PM, Bracy, Jason T. <email@hidden>
>wrote:
>
>
> Just wondering if you have made sure to check the option in
>"Keychain Access" preferences to "Search directory services for certificates"?
>
>
>
> --
>
>
>
> Jason T. Bracy
> Systems Administrator | SAIC ITO
> email@hidden | saic.com
>
>
>
>
> From: <Rowe>, Walter <email@hidden>
> Date: Thursday, March 13, 2014 at 3:24 PM
> To: "email@hidden" <email@hidden>
> Subject: Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
>
>
> In my testing today, I can send encrypted email to recipients if I have
>their certificate(s) in my local keychain. I was told via private email that bug
>reports have been filed for this.
>
> --
> Walter Rowe, Hosting Services
> Enterprise Systems / OISM
> Email: email@hidden
> Work: 301-975-2885
>
> On Mar 13, 2014, at 3:18 PM, email@hidden wrote:
>
>
> We have been having similar discussions at work with regards
>to moving OSx users to S/MIME-encrypted enterprise email. Any help on this
>would be greatly appreciated.
>
>
> Hemen H. Mehta
> DPC
> US Senate
>
>
>
>
> On Thu, Mar 13, 2014 at 3:12 PM, Levine, Jason (NIH/NCI) [E]
><email@hidden> wrote:
>
>
> Walter, I *literally* was about to post this same
>question - I've struggled over the past few years to figure out if there's a
>way to get this to work properly. I'm now faced with an absolute, ironclad
>mandate to move a set of OS X users over to S/MIME-encrypted enterprise
>email in the next month, and this one issue is literally my biggest obstacle.
>
> Any advice would be appreciated!
>
> Jason Levine
> Center for Cancer Research, National Cancer Institute
>
>
> > We have our PIV certs populated in AD. I have the
>OS X Smartcard Services installed and enabled on an OS X 10.9.2 laptop bound
>to AD. I can successfully log into OS X with my PIV card. I can create new email
>messages with click the digital signature button to successful send digitally
>signed emails. I can't click the encryption button. It is is grayed out.
> >
> > I read in Apple Mail Help that I need the personal
>certificate for each recipient in my Keychain to send them encrypted
>messages. Can Apple Mail not get those certificates from AD?
> >
> > Walte
> r
>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>talk/email@hidden
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden