Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
- Subject: Re: [Fed-Talk] Encrypted Apple Mail w/ PIV
- From: "Levine, Jason (NIH/NCI) [E]" <email@hidden>
- Date: Fri, 14 Mar 2014 14:08:11 +0000
- Thread-topic: [Fed-Talk] Encrypted Apple Mail w/ PIV
With all these folks who are reporting that it works for them, I buckled down to do some more testing this morning, and damn if I just can’t get it to work at ALL. I’ve tried on 10.9.2 and 10.9.redacted; I have PKard 1.5 as my underlying PIV-enabling layer, and I definitely have the relevant Keychain Access checkbox checked that is supposed to search the directory for certs. But the only recipients I’m able to encrypt email to in Mail.app are those for whom I already have certs in my keychain. (And I know my PIV is working fine otherwise, because (a) I’m able to SIGN email just fine, and (b) I can use it in other places, like decrypting email and signing into cert-enabled websites.)
Is there some way I can further debug what’s happening?
Jason
On Mar 13, 2014, at 3:50 PM, William Cerniuk <email@hidden> wrote:
A couple of things.
1 - Apple Mail is a little slow on the uptake. It can take a long time to recognize that you have the smart card installed
2 - Relaunching Apple Mail will frequently encourage it to look for the certs and find them
3 - the installer, as it is, puts all the files in the system and they conflict with one another (need to trim)
I will send you the installer I built to get around the problem in a moment if you are willing to test. Otherwise you can hand trim if you like.
--
R/Wm.
703.594.7616
On 13-Mar-2014, at 15:18, email@hidden wrote:
We have been having similar discussions at work with regard to moving OS X users to S/MIME-encrypted enterprise email. Any help on this would be greatly appreciated.
Hemen H. Mehta
DPC
US Senate
On Thu, Mar 13, 2014 at 3:12 PM, Levine, Jason (NIH/NCI) [E] <email@hidden> wrote:
Walter, I *literally* was about to post this same question — I've struggled over the past few years to figure out if there's a way to get this to work properly. I'm now faced with an absolute, ironclad mandate to move a set of OS X users over to S/MIME-encrypted enterprise email in the next month, and this one issue is literally my biggest obstacle.
Any advice would be appreciated!
Jason Levine
Center for Cancer Research, National Cancer Institute
> We have our PIV certs populated in AD. I have the OS X Smartcard Services installed and enabled on an OS X 10.9.2 laptop bound to AD. I can successfully log into OS X with my PIV card. I can create new email messages and click the digital signature button to successfully send digitally signed emails. I can’t click the encryption button. It is grayed out.
>
> I read in Apple Mail Help that I need the personal certificate for each recipient in my Keychain to send them encrypted messages. Can Apple Mail not get those certificates from AD?
>
> Walter
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden