Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
- Subject: Re: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
- From: "Gendler, Bob \(Fed\) via Fed-talk" <email@hidden>
- Date: Fri, 18 Oct 2019 12:45:21 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OXRCLtbHfs5GNcI+soWXg3+QkxGzvxjphDbIMGWcWko=; b=cGcY2Kx5CiPMCorpt7jQFk6x/IryDO5xYbqmdmkDM04uADo7Edz2yOrH2gZsE0NED60y0wSRdKNTGcyiEdoziVGHy9aq1Awk+qWS2jws23TnMpUClc6RVSj+/XMIUgx6kCuFzea+/+vZM18Fb75RETop+WVWNzQIkjoHUADR6nQPt5bmXnB3TCRzX2QeUYMX5oPaG+RcWIqVrzBfLNK/4pPybdcHTtdZ/rOxavxoJk2RTTU5P8tulAIDThz61YaLyV+V+Qi5gfZujYiQNE11bBuber7PGXQRZ5Uh0mbamGDlMD8M7AKloUoqiBMdAlPoM7gNKevfqB4gs6MVlcry+A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f3MiV3q1271RL+CpOLR1DtPKTUHeMe5IaiYmPoXl+ke3YSqR+xH/YfSa9m7WAfJ+ns+j1/Nnmm57CHQDOOpqeQpVph61gJaXin1VvMJmfMdDx0mydpdajxp7hKG/lI25XukYgaYcJokufnS+1X2GSZaLGtaMzmm4vMpofsmLJfvqdHzjcB0rTMeXtS1IQbjkstzzkMpD1p6muTwT0q3ZvV7IbI5nEOv4qwrWW0gANdTb9nT6IKcy/oTG/TOZs9bZEGyWRQAa6I+j6fRPqwyalVPZqKwqgIorizAVqAIeiQETYc7W4/bUbTMseC9nPAwOv0GkFZ2rKZVTRKMMOpjUIw==
- Thread-topic: [Fed-Talk] [EXTERNAL] Re: MacOS X Catalina & CAC support
Preferences -> Accounts -> Your account -> Advanced -> Security.
But there is a nasty bug that has showed up here at NIST that won't allow
people who have multiple certificates on their card, because they've been here
long enough to get new certs, to read encrypted or sign emails. So it's
possible you're seeing that bug in Outlook. It's been suggested to try 16.31
Insider Fast.
Bob Gendler
IT Specialist (Security)
OISM | Managed Desktop Mac Team
U.S Dept. of Commerce | NIST
(301) 975-6054 | email@hidden
--
On 10/17/19, 11:33 PM, "Fed-talk on behalf of Blumenthal, Uri - 0553 - MITLL
via Fed-talk" <fed-talk-bounces+robert.gendler=email@hidden on
behalf of email@hidden> wrote:
Weird. I installed Office 16.30 (did not reboot), and it doesn't seem to
even see my certificates on the CAC (nor on PIV).
Is there any hidden config option?
--
Regards,
Uri
On 10/16/2019, 17:17, "Fed-talk on behalf of Jeff Haferman via Fed-talk"
<fed-talk-bounces+uri=email@hidden on behalf of
email@hidden> wrote:
I received the Outlook 16.30 upgrade for OSX last night, and after a
reboot I can confirm that I can now sign & encrypt emails using the
built-in CAC support.
On Thu, Oct 10, 2019 at 5:32 PM Hardis, Jonathan E. Dr. (Fed)
<email@hidden> wrote:
>
> On Oct 10, 2019, at 7:57 PM, Jeff Haferman via Fed-talk
<email@hidden> wrote:
>
> I read through this entire thread fairly thoroughly, but I still have
> a question. "Everything" that I want to work for CAC under Catalina
> seems to work with one exception (I am able to visit various
> CAC-enabled websites, & I can sign PDF documents in Acrobat).
> *However*, signing / encrypting emails in Outlook 2016 (16.29 to be
> exact) does not work. My CAC certificates appear in the Outlook ->
> Preferences -> Accounts -> Advanced -> Security dialog, but signing
> and encryption fail.
>
> Is this expected until Microsoft issues a new release, or is there a
> solution? Previously I had used CACkey but my understanding is that I
> should not be using anything other than the built-in ability on
> Catalina.
>
>
> Coincidentally, in a parallel e-mail discussion on another matter,
our Mac support team said this earlier today:
>
> Upgrade to Outlook Insider preview
>
> This release has full “modern” PIV support on macOS. The final
version of it should be released in the next couple of weeks, but by using the
Insider Preview, you will retain access to encrypted email using PIV.
>
> i.
You may need to reselect your PIV certificates once you upgrade.
> ii.
You may lose access to emails encrypted with historical certificates on your
PIV card.
>
> The current Office Outlook client uses the obsolete tokend methods
and requires ActivClient to work with PIV.
>
>
> - Jonathan
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
https://gcc01.safelinks.protection.outlook.com/?url=https://lists.apple.com/mailman/options/fed-talk/uri%40ll.mit.edu&data=02|01|email@hidden|72ff12dc37604d437c3f08d7537be1f2|2ab5d82fd8fa4797a93e054655c61dec|1|0|637069663867988207&sdata=OSFSg5MhaLpN5ruOyfnKBHiA4YZtzoPvFK7HEuuEDfs=&reserved=0
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden