Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] export CAC certificate(s) on Big Sur?
- From: Ken Hornstein via Fed-talk <email@hidden>
- Date: Thu, 28 Jan 2021 14:23:25 -0500
>It looks like I could either install one of the apps mentioned, or use
>the "security export-smartcard ..." step and then convert from PEM to
>DER.
You know, it has always frusted me that half the programs require
DER format and half require PEM format. It's easy to convert from one
to the other using something like the openssl command line tools,
but as you mention that's hard for nontechnical users. It would make
sense for Keychain Access to be the place to handle Smartcard identities,
but I guess there aren't enough Smartcard users to make this a priority.
Sigh.
>And, interesting point regarding Catalina. I know for Mojave (10.14.x)
>and earlier we were running CACkey middleware, though I have a new Mac
>since those days. My colleague upgraded from 10.14 to 10.15, so perhaps
>CACkey is somehow still in place there and allows him to see his CAC
>certificates in keychain access. I'm not going to dwell on that.
My limited understanding and memory is:
- Apple started introducing built-in smartcard support on Sierra
- It really started working well on High Sierra
- Most people stuck with middleware like CACKey because they had something
working, but at that point you could pick either a third party middleware
solution or the Apple included drivers.
- There was a bunch of screaming on this list (check the archives from
October 2019) when Catalina was released because that's when tokend
was finally disabled (although from memory, you could sort-of turn it
on but it didn't work very well).
--Ken
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden