Re: [Fed-Talk] Apple Mail, exchange server, and signatures
- Subject: Re: [Fed-Talk] Apple Mail, exchange server, and signatures
- From: "Rowe, Walter P. \(Fed\) via Fed-talk" <email@hidden>
- Date: Tue, 7 Jul 2020 18:49:55 +0000
- Thread-topic: [Fed-Talk] Apple Mail, exchange server, and signatures
In addition to using the correct attribute mapping for the certificate on
the PIV card, you also need to enable searching the directory for certificates in
Keychain Preferences if your system is joined to Active Directory. Active
Directory has the GAL for this. If you use LDAP for directory services, then
you need to make sure it has the proper attribute populated with those keys on
your user objects.
This enables Apple Mail to find recipient certificates in your directory
services (assuming in-house recipient public keys are published there) in
addition to your local Keychain.
Walter
--
Walter Rowe, Division Chief
Infrastructure Services, OISM
Mobile: 202.355.4123
On Jul 7, 2020, at 1:34 PM, Hardis, Jonathan E. Dr. (Fed) via Fed-talk
<email@hidden> wrote:
On Jul 7, 2020, at 12:13 PM, Noam Bernstein via Fed-talk
<email@hidden> wrote:
Does anyone have experience with Apple Mail and Exchange server? My
understanding is that basic functionality is ok, but there are a couple of
missing things that I wonder if anyone knows how to manage.
1. Has anyone successfully sent Smartcard signed/encrypted email from Apple
Mail and an Exchange server?
Yes. I do this regularly.
It took a while to figure out how to make it work, though. The difficulty is
that we have two forms of e-mail addresses. There is a short form that follows
from our usernames in a Windows AD environment
(email@hidden) and a long form based on our full
names (email@hidden). It’s the
latter that matches the certificate on the PIV card. Under
Mail/Preferences…/Accounts/Account Information there’s a pop-up menu for “Email
Address”. That address must be in the long form to match the certificate.
When it does, the buttons appear to allow you to encrypt and sign.
- Jonathan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list
(email@hidden)
Help/Unsubscribe/Update your Subscription:
https://gcc02.safelinks.protection.outlook.com/?url=https://lists.apple.com/mailman/options/fed-talk/walter.rowe%40nist.gov&data=02|01|email@hidden|48f8faf19f1d428c902808d8229bfe35|2ab5d82fd8fa4797a93e054655c61dec|1|0|637297400667029836&sdata=Tny39JPuWi93ZMnl/vSSCOiPeNzmo2/lE6F+Xuw6+Ps=&reserved=0
This email sent to email@hidden
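An added example, not part of the thread: a shell check for the address mismatch described in the quoted reply above, where the account's "Email Address" has to be the form that appears in the PIV certificate. It assumes the signing certificate has been exported to a PEM file; the file name and addresses in the comments are constructed. The thread does not say how Mail treats differences in letter case, so the check reports an exact match and a case-only match separately.

```shell
#!/bin/sh
# Added example: compare a mail account address with the e-mail addresses
# carried in a certificate. File names and addresses are constructed.

# cert_emails FILE
# Print every e-mail address in a PEM certificate, one per line
# (subject emailAddress and subjectAltName rfc822Name entries).
cert_emails() {
    openssl x509 -in "$1" -noout -email
}

# classify_address ACCOUNT_ADDRESS
# Read certificate addresses on stdin and print one of:
#   exact         the account address appears character for character
#   case-differs  it appears only when letter case is ignored
#   absent        the certificate does not carry it (e.g. short vs long form)
classify_address() {
    want=$1
    want_lc=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
    result=absent
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if [ "$addr" = "$want" ]; then
            result=exact
            break
        fi
        addr_lc=$(printf '%s' "$addr" | tr '[:upper:]' '[:lower:]')
        if [ "$addr_lc" = "$want_lc" ]; then
            result=case-differs
        fi
    done
    printf '%s\n' "$result"
}

# check_account CERT_FILE ACCOUNT_ADDRESS
# Usage (constructed values): check_account piv-signing.pem jane.doe@example.gov
check_account() {
    status=$(cert_emails "$1" | classify_address "$2")
    case $status in
        exact)        echo "OK: $2 is in the certificate" ;;
        case-differs) echo "CHECK: $2 matches only when case is ignored" ;;
        *)            echo "MISMATCH: $2 is not in the certificate, which carries:"
                      cert_emails "$1"
                      return 1 ;;
    esac
}
```

A `MISMATCH` result lists the addresses the certificate does carry, which is the value to select in the account's "Email Address" pop-up menu.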