Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- From: Ken Hornstein via Fed-talk <email@hidden>
- Date: Thu, 28 Jan 2021 13:14:17 -0500
>There is one section that says I can do it on a Chrome Browser, but Chrome
>ends up opening Keychain Access. When a colleague (on Catalina) does this,
>he can see his CAC in Keychain and export his certificates.
Ummm ... are you sure your colleague hasn't done something ...
"non-standard" on his Catalina installation?
I can't claim to be the ultimate expert when it comes to CAC support on
MacOS X, but here's what I am reasonably confident about:
- When you're using the "old way", with a third-party tokend, certificates
definitely appear in Keychain Access.
- When you're using the "new way", with MacOS X drivers, they don't. And
tokend isn't supported on Catalina, so I am wondering WHAT they are doing.
My CAC does not appear in Keychain Access on my Catalina system.
>On Big Sur, I don't see my CAC certificates. I'm assuming the cause is Big
>Sur, but I could be wrong.
>
>Should I be able to see my CAC certificates in Keychain Access on Big Sur?
>Or do I need to find a Windows machine?
When you say you need to "export your certificate" ... exactly what does
that mean? You need to know your DN? (That's usually what those
web sites want). Do you need your whole X.509 certificate? Does it need
to be in PEM or DER format?
If you really need to upload the whole certificate, well, you can find it
under About This Mac -> System Reporter -> Software -> SmartCards.
All of the certificates are displayed in PEM format and you can
cut & paste them from there. I believe you can also use the "security"
command to dump those certificates.
--Ken
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden