Re: [Fed-Talk] Apple Mail / iOS S/MIME cert lookup on GAL
Re: [Fed-Talk] Apple Mail / iOS S/MIME cert lookup on GAL
- Subject: Re: [Fed-Talk] Apple Mail / iOS S/MIME cert lookup on GAL
- From: "Rowe, Walter" <email@hidden>
- Date: Thu, 23 Jul 2015 20:27:57 +0000
- Bl2pr09mb0147: X-MS-Exchange-Organization-RulesExecuted
- Thread-topic: [Fed-Talk] Apple Mail / iOS S/MIME cert lookup on GAL
It does not work at the moment. You have to set the Keychain Preferences to "Search directory services for certificate”. Even with this set, it doesn’t work. I have tested 10.11 and posted my test results to the Apple Developer Forum. If you are a registered developer you can read about it there. This has been discussed a number of times. In my humble opinion this is not an Apple Mail issue. This is a Keychain Services issue since Apple Mail simply asks the Keychain for a cert, and Keychain is responsible for searching the directory if it doesn’t have a cert in the local keystore.
--
Walter Rowe, Application Hosting
Infrastructure Services / OISM / NIST
US Department of Commerce
Email: email@hidden
Office: 301.975.2885
> On Jul 23, 2015, at 4:17 PM, VaibhaV Sharma <email@hidden> wrote:
>
> Referring to an old thread from last year -
>
> http://lists.apple.com/archives/fed-talk/2014/Mar/msg00012.html
>
> Also this -
> https://support.apple.com/en-us/HT202345
>
> specifically where it says -
> (3) Mail consults the GAL to discover the recipient's S/MIME certificate.
>
>
> Is anyone able to get this working? I have tried several methods unsuccessfully, including -
>
> * Updating user’s cert from Outlook 20xx trust center
> * Updating userCertificate / userSMIMECertificate from AD user properties or manually
> * Joining the Mac desktop client to the windows domain and using keychain to lookup GAL / Ldap
>
> Apple mail on iOS devices spins its wheel looking for the recipient’s cert but comes back without success. Keychain on Mac OS attempts to make an LDAP call, gets the result but is not successful in consuming the cert. I even filed a ticker on this with Apple but no response yet after almost a year. I have sent multiple detailed analysis emails to our Apple account team and they have had no luck getting this figured out.
>
> The other issue I found with Mail on Mac OS is that if an outgoing encrypted email has multiple recipients and attachments, it sometimes gets stuck with 100+% cpu for about a minute before it returns to normal. I used XCode / Instruments to trace system calls and it seems to be one of the encryption routines that it gets stuck on.
>
> Any clues or further updates?
>
> Thanks,
>
> —
> VaibhaV Sharma
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden