Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
- From: "Blumenthal, Uri - 0553 - MITLL via Fed-talk" <email@hidden>
- Date: Thu, 28 Jan 2021 18:35:58 +0000
Yep, thanks for pointing out that open source app. I confirm that it works and
displays all the certs (and allows exporting them).
Problems:
- Doesn’t seem to display how many PIN attempts are remaining (or whether the
  token is locked);
- Doesn’t seem to give an option for changing the PIN.
--
Regards,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: "Golbig, Allen M. (GRC-V000)[Peerless Technologies Corp.] via Fed-talk"
<email@hidden>
Reply-To: "Golbig, Allen M. (GRC-V000)[Peerless Technologies Corp.]"
<email@hidden>
Date: Thursday, January 28, 2021 at 13:27
To: "email@hidden" <email@hidden>
Subject: Re: [Fed-Talk] [EXTERNAL] Re: export CAC certificate(s) on Big Sur?
For GUI there is also TokenShow,
https://gitlab.com/orchardandgrove-oss/TokenShow.
Thanks
Allen
From: Blumenthal, Uri - 0553 - MITLL via Fed-talk <email@hidden>
Date: Thursday, January 28, 2021 at 1:24 PM
To: email@hidden <email@hidden>
Subject: [EXTERNAL] Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
If you want GUI – search through the Apple App Store and get the app “Smart
Card Utility”. It does what you need. You can test-drive it for almost a year,
then the purchase cost is $9.99. I just bought it after my trial expired,
because I liked it.
Otherwise – do what Daniel suggested
To export your certs, you can open Terminal.app and run the following:

    security export-smartcard -e ~/Desktop/

This will save a .pem file for each certificate and public key to your Desktop.
They will be named something like:

    Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
    Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
    Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem
    Public Key - Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
    Public Key - Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
    Public Key - Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem

Or what Ken suggested
If you really need to upload the whole certificate, well, you can find it
under About This Mac -> System Reporter -> Software -> SmartCards.
All of the certificates are displayed in PEM format and you can
cut & paste them from there. I believe you can also use the "security"
command to dump those certificates.
If you have OpenSC installed, you can run from the Terminal window

    pkcs15-tool --read-certificate 01

for PIV Auth certificate (cut-n-paste the output, or redirect to a file).
--
Regards,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
From: Jeff Haferman via Fed-talk <email@hidden>
Reply-To: Jeff Haferman <email@hidden>
Date: Thursday, January 28, 2021 at 12:45
To: "email@hidden" <email@hidden>
Subject: [Fed-Talk] export CAC certificate(s) on Big Sur?
I need to register my CAC in order to access a DoD site
(in this case https://piee.eb.mil/piee-landing/)
Of course the instructions I received assumed an underlying Windows OS (use
Active Client, Internet Explorer, or Edge).
There is one section that says I can do it on a Chrome Browser, but Chrome ends
up opening Keychain Access. When a colleague (on Catalina) does this, he can
see his CAC in Keychain and export his certificates.
On Big Sur, I don't see my CAC certificates. I'm assuming the cause is Big Sur,
but I could be wrong.
Should I be able to see my CAC certificates in Keychain Access on Big Sur? Or
do I need to find a Windows machine?
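
Added example (not part of the original thread and not code from any of the posters): a Python check for the .pem files that the export command in the thread writes. It reports each file's role from its name, its PEM block type and a SHA-256 fingerprint, so the certificate file (not the "Public Key" file) is the one submitted to a site. The file-name pattern comes from the listing in the thread; the function names, the DOE.JANE.0000000000 placeholder identity and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import sys
import tempfile
from pathlib import Path

# One PEM block: label in group 1, base64 body in group 2.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# File-name pattern as listed in the thread, e.g.
# "Public Key - Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem"
NAME = re.compile(r"^(Public Key - )?Certificate for (.+?) \((.+)\)\.pem$")


def inventory(export_dir):
    """Return one record per PEM block found in the exported .pem files."""
    records = []
    for path in sorted(Path(export_dir).glob("*.pem")):
        match = NAME.match(path.name)
        role = match.group(2) if match else "unknown"
        text = path.read_text(errors="replace")
        for label, body in PEM_BLOCK.findall(text):
            der = base64.b64decode("".join(body.split()))
            records.append({
                "file": path.name,
                "role": role,
                "label": label,
                # SHA-256 over the decoded bytes; for a CERTIFICATE block this
                # is the usual certificate fingerprint.
                "sha256": hashlib.sha256(der).hexdigest(),
                "is_certificate": label == "CERTIFICATE",
                "has_private_key": "PRIVATE KEY" in label,
            })
    return records


def demo():
    """Inventory two constructed files (the bytes are not real certificates)."""
    body = base64.encodebytes(b"constructed sample, not a real DER certificate").decode()
    with tempfile.TemporaryDirectory() as tmp:
        for prefix, label in (("", "CERTIFICATE"), ("Public Key - ", "PUBLIC KEY")):
            name = f"{prefix}Certificate for PIV Authentication (DOE.JANE.0000000000).pem"
            Path(tmp, name).write_text(f"-----BEGIN {label}-----\n{body}-----END {label}-----\n")
        return inventory(tmp)


if __name__ == "__main__":
    # Pass the export directory (e.g. ~/Desktop) or run with no argument for the demo.
    for rec in inventory(Path(sys.argv[1]).expanduser()) if len(sys.argv) > 1 else demo():
        print(rec["sha256"][:16], rec["label"], "|", rec["role"], "|", rec["file"])
```

Any record with has_private_key set should be treated as a file that must not be uploaded or shared.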