Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- From: Jeff Haferman via Fed-talk <email@hidden>
- Date: Thu, 28 Jan 2021 11:23:15 -0800
You underestimate our bureaucracy ;)
But yes, that seems the best course of action for Enterprise.
Thanks again everyone, this is a great group.
On Thu, Jan 28, 2021 at 11:00 AM Blumenthal, Uri - 0553 - MITLL <
email@hidden> wrote:
> I'm technical, so all of these solutions are fine for me. But, for
> Enterprise use on the Mac, these solutions aren't super convenient for our
> less technically inclined users.
>
>
>
> For Enterprise – have the local IT build *TokenShow.app* and push to the
> managed Macs. Simple.
>
> On Thu, Jan 28, 2021 at 10:44 AM Blumenthal, Uri - 0553 - MITLL via
> Fed-talk <email@hidden> wrote:
>
> Thanks, William.
>
>
>
> I found the “commercial” Smart Card Utility to do everything I need, with
> multiple tokens and multiple readers (e.g., CAC and Yubikey inserted at the
> same time).
>
>
>
> TokenShow.app is a true GUI app, and seems nice. Where it fails is when
> multiple tokens *or* even multiple readers are present. It would still
> export your cert(s) for you, but fails to “Change PIN” or display the
> remaining attempts, displaying “multiple tokens” text instead of a number.
>
>
>
> TNX
>
> --
>
> Regards,
>
> Uri
>
>
>
> *There are two ways to design a system. One is to make it so simple there
> are obviously no deficiencies.*
>
> *The other is to make it so complex there are no obvious deficiencies.*
>
> *- C. A. R. Hoare*
>
> *From: *William Cerniuk <email@hidden>
> *Date: *Thursday, January 28, 2021 at 13:39
> *To: *Fed Talk <email@hidden>
> *Cc: *Uri Blumenthal <email@hidden>
> *Subject: *Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
>
>
>
> Leveraging Uri’s comment, I have found the app to be rather nice. I have
> not exercised it enough to determine if it is a GUI app or a real app; but
> in light duty, the ragged edges of a typical GUI app have not shown. (Is a
> good thing).
>
>
>
>
>
> --
>
> V/R,
>
> Wm. Cerniuk
>
>
>
> iPhone/FaceTime/iMessage/SMS Text: 703.505.0201
>
> On 28-Jan-2021, at 13:23, Blumenthal, Uri - 0553 - MITLL via Fed-talk <
> email@hidden> wrote:
>
>
>
> If you want GUI – search through the Apple App Store and get the app
> “Smart Card Utility”. It does what you need. You can test-drive it for
> almost a year, then the purchase cost is $9.99. I just bought it after my
> trial expired, because I liked it.
>
>
>
> Otherwise – do what Daniel suggested
>
>
>
> To export your certs, you can open Terminal.app and run the following:
>
>
>
> security export-smartcard -e ~/Desktop/
>
>
>
> This will save a .pem file for each certificate and public key to your
> Desktop. They will be named something like:
>
> Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Public Key - Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Public Key - Certificate for Digital Signature (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Public Key - Certificate for Key Management (LASTNAME.FIRSTNAME.EDIPI).pem
>
> Or what Ken suggested
>
>
>
> If you really need to upload the whole certificate, well, you can find it
> under About This Mac -> System Reporter -> Software -> SmartCards.
> All of the certificates are displayed in PEM format and you can
> cut & paste them from there. I believe you can also use the "security"
> command to dump those certificates.
>
>
>
> If you have OpenSC installed, you can run from the Terminal window
>
>
>
> pkcs15-tool --read-certificate 01
>
>
>
> for PIV Auth certificate (cut-n-paste the output, or redirect to a file).
>
> --
>
> Regards,
>
> Uri
>
>
>
> *There are two ways to design a system. One is to make it so simple there
> are obviously no deficiencies.*
>
> *The other is to make it so complex there are no obvious deficiencies.*
>
> *- C. A. R. Hoare*
>
> *From: *Jeff Haferman via Fed-talk <email@hidden>
> *Reply-To: *Jeff Haferman <email@hidden>
> *Date: *Thursday, January 28, 2021 at 12:45
> *To: *"email@hidden" <email@hidden>
> *Subject: *[Fed-Talk] export CAC certificate(s) on Big Sur?
>
>
>
>
> I need to register my CAC in order to access a DoD site
> (in this case https://piee.eb.mil/piee-landing/)
>
> Of course the instructions I received assumed an underlying Windows OS
> (use Active Client, Internet Explorer, or Edge).
>
> There is one section that says I can do it on a Chrome Browser, but Chrome
> ends up opening Keychain Access. When a colleague (on Catalina) does this,
> he can see his CAC in Keychain and export his certificates.
>
> On Big Sur, I don't see my CAC certificates. I'm assuming the cause is Big
> Sur, but I could be wrong.
>
> Should I be able to see my CAC certificates in Keychain Access on Big Sur?
> Or do I need to find a Windows machine?
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
>
>
>
>
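An added example (not from the thread's authors): a Python check of the folder that the `security export-smartcard -e ~/Desktop/` command quoted above fills with .pem files. It records each PEM block's type, the purpose taken from the file name, and a SHA-256 fingerprint of the DER bytes, and lists any file that holds a private-key block. The function names, the `PUBLIC KEY` label and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Purpose strings as they appear in the file names quoted in the thread.
PURPOSES = ("PIV Authentication", "Digital Signature", "Key Management")

def inspect_pem(path):
    """Return one record per PEM block found in a file."""
    path = Path(path)
    purpose = next((p for p in PURPOSES if p in path.name), "unknown")
    records = []
    for label, body in PEM_BLOCK.findall(path.read_text(errors="replace")):
        der = base64.b64decode("".join(body.split()))
        records.append({
            "file": path.name,
            "type": label,
            "purpose": purpose,
            "looks_like_der": der[:1] == b"\x30",  # outer ASN.1 SEQUENCE tag
            "sha256": hashlib.sha256(der).hexdigest(),
        })
    return records

def audit_export(directory):
    """Inventory every .pem in a directory; list files holding private keys."""
    records = []
    for pem in sorted(Path(directory).glob("*.pem")):
        records.extend(inspect_pem(pem))
    private = sorted({r["file"] for r in records if "PRIVATE KEY" in r["type"]})
    return records, private

def write_constructed_sample(directory, der=b"\x30\x03\x02\x01\x01"):
    """Write placeholder PEM files (constructed bytes, not real certificates)."""
    b64 = base64.b64encode(der).decode()
    names = {  # block labels here are assumed, not taken from the thread
        "Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem": "CERTIFICATE",
        "Public Key - Certificate for PIV Authentication (LASTNAME.FIRSTNAME.EDIPI).pem": "PUBLIC KEY",
        "stray.pem": "PRIVATE KEY",  # planted to exercise the private-key check
    }
    for name, label in names.items():
        text = f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"
        (Path(directory) / name).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_sample(tmp)
        print(*audit_export(tmp)[0], sep="\n")
```

To check a real export, call `audit_export` on the directory passed to `-e` and compare the certificate fingerprints with what the registering site displays.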