Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
- From: "Golbig, Allen M. \(GRC-V000\)\[Peerless Technologies Corp.\] via Fed-talk" <email@hidden>
- Date: Thu, 28 Jan 2021 18:26:42 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nasa.gov; dmarc=pass action=none header.from=nasa.gov; dkim=pass header.d=nasa.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4X/TPKNDb543alErwTzB5MCt+ATW479tCCwZZvZYkcw=; b=M7+YEc8Md7jlhXHrB4bWKKUf6t6UjEo128llLD8Gln7sy1QIyXCNe9zO5wdrKOLzUYnP6CEl5Y1EDErMeHoPXO84mXn2vEOUA8PaDa7rMTN52xNrrzOqkflRbGjpdimu0DfxDHPj262n7YkFrbhAqqGySBPaErnCOswAd9d+XGSrMbh8y+JU0AFzSycAxO9eUDD/ZTVYOpTiGT5ky33OYRSu04Ouv+zKbMpHb8eBuWvYy1LvJMZGZTdvGBz+Y8WXzF22PvcbyUpmKrgbZHHcuAm/tNY/zARwZflkxEfPY498QDVWwnYGavsOWYBZOJb/h6id+dJRjC++COH/CkqT6A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OYkLX+pfLXC6qFsn3h03v0wTFSN9U42W3dGcuDZk0cuJ8tJX7bOyCiYDtmLEaoRmLj2ImmXgN/F6/TYr2CuYKetW0Eth3FPt81+Nv8Qj0qEfpcWLg0Xup1mWC9GA/2hp79G3BlmfGPjYOA73mToNof8FD1DIWmZh2+iiZJCF6nUf1A0Bu3t5dL1EhWy+mSNGgj3wYHPmgv1eEssLWtOwqt6SJLBTm+ot1wAhRt304rEByZVXphqpd2Twwi3zZ5FQgxktSgEc7rr4E3gREvTw6r3bfwCJMpHj6+5bE3lNCLiKbGKWOItS9A/u6WSyQKXlWJ9FntnUPFUdZXs6Ib815Q==
- Dkim-filter: OpenDKIM Filter v2.11.0 ndmsvnpf103.ndc.nasa.gov 290714007A75
- Thread-topic: [EXTERNAL] Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
For GUI there is also TokenShow,
https://gitlab.com/orchardandgrove-oss/TokenShow.
Thanks
Allen
From: Blumenthal, Uri - 0553 - MITLL via Fed-talk <email@hidden>
Date: Thursday, January 28, 2021 at 1:24 PM
To: email@hidden <email@hidden>
Subject: [EXTERNAL] Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
If you want GUI – search through the Apple App Store and get the app “Smart
Card Utility”. It does what you need. You can test-drive it for almost a year,
then the purchase cost is $9.99. I just bought it after my trial expired,
because I liked it.
Otherwise – do what Daniel suggested
To export your certs, you can open Terminal.app and run the following:
security export-smartcard -e ~/Desktop/
This will save a .pem file for each certificate and public key to your Desktop.
They will be named something like:
Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem
Public Key - Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
Public Key - Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
Public Key - Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem
Or what Ken suggested
If you really need to upload the whole certificate, well, you can find it
under About This Mac -> System Reporter -> Software -> SmartCards.
All of the certificates are displayed in PEM format and you can
cut & paste them from there. I believe you can also use the "security"
command to dump those certificates.
If you have OpenSC installed, uou can from the Terminal window
pkcs15-tool --read-certificate 01
for PIV Auth certificate (cut-n-paste the output, or redirect to a file).
--
Regards,
Uri
There are two ways to design a system. One is to make is so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: Jeff Haferman via Fed-talk <email@hidden>
Reply-To: Jeff Haferman <email@hidden>
Date: Thursday, January 28, 2021 at 12:45
To: "email@hidden" <email@hidden>
Subject: [Fed-Talk] export CAC certificate(s) on Big Sur?
I need to register my CAC in order to access a DoD site
(in this case
https://piee.eb.mil/piee-landing/<https://gcc02.safelinks.protection.outlook.com/?url=https://piee.eb.mil/piee-landing/&data=04|01|email@hidden|4dec40fd15804f32712b08d8c3b9f0ec|7005d45845be48ae8140d43da96dd17b|0|0|637474550678684694|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|1000&sdata=UnN7lcq4xKd8KELqB216SvJyyl5WuF5cF09LI/T5Cmo=&reserved=0>)
Of course the instructions I received assumed an underlying Windows OS (use
Active Client, Internet Explorer, or Edge).
There is one section that says I can do it on a Chrome Browser, but Chrome ends
up opening Keychain Access. When a colleague (on Catalina) does this, he can
see his CAC in Keychain and export his certificates.
On Big Sur, I don't see my CAC certificates. I'm assuming the cause is Big Sur,
but I could be wrong.
Should I be able to see my CAC certificates in Keychain Access on Big Sur? Or
do I need to find a Windows machine?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden