Re: [Fed-Talk] [EXT] export CAC certificate(s) on Big Sur?
Re: [Fed-Talk] [EXT] export CAC certificate(s) on Big Sur?
- Subject: Re: [Fed-Talk] [EXT] export CAC certificate(s) on Big Sur?
- From: "Blumenthal, Uri - 0553 - MITLL via Fed-talk" <email@hidden>
- Date: Fri, 29 Jan 2021 14:14:40 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=scGVBcJSAIjDGrXAFxHLyQVv8Ra7hnw9lxGfLvr4m/8=; b=VG/Ar6UpgWu8/O6I191RZSEaD6tA5qDGjNg9BIrnv0Fp+J4D6shjcC/qdtXioJUYLI0RAoxpq4cOs0Y1vyGKlVBIyJZ75OkFKOHGZnIWMvk68jee/dopKi44KnizAxcRDgBwdpXrHWz5BDHlnrKPydcPPDbKNji0k2UEYvcDU8ZT8/KSsvwgF4gWQcVEbXPCfYF9Dnsy76kJsnmIiixkb2dptAngekUTJv2VJOnoh4U+l2nJ510RWz8DLozAViboKZP4outck4lKol7VlmGp5eZGbcQfFezovsxro2wIfXvOuzOWWXhzQwojzQN3eK6wj2zfg9a7FRuSS6fg/rJD6A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=aACN3/agTjhff1pUdebLGcCYasEqTI5BIQKyDxcoSjijuQ2zArTj2OUk8x++AwJiAsNOI4DKvfNCAA3AcW2St45SQIYM2BwTUCD6pIVbGAfZzHBOnysEmROJ7whKCDHYnr0gZyQxCVObl4WYsMYSuWsy2KhyYtanUM4lMTp2EDfvtZwLWWTd3MZ3pexYFQVfZUUAcX2kbtl5OewzzLgU1b/JNzbbor0V1Bnx+vLPsALCfdLbOOpaYSAx12T0OPSnjSplkLO34u1F/0Hewwf207CuaD9syD7iRkoqZxoKR7yXVdXpFVc2effYIBoeApHXhAaapdvSt9ZVFtS3lRpd1w==
- Thread-topic: [Fed-Talk] [EXT] export CAC certificate(s) on Big Sur?
On 1/29/21, 08:35, "Timothy J Miller via Fed-talk" <email@hidden>
wrote:
> Apple's token support changed from tokend to CryptoTokenKit in ... 10.14?
Yeah, around that time.
> You can still disable CTK and use tokend in Catalina but maybe not in Big
> Sur. At any rate, CTK is certainly the default.
I haven't tried it. Been told it's a royal pain even if doable. Better just get
used to CTK.
In any case, there's no way to build Tokend since Xcode-10 (and we're now at
Xcode-12), so I pretty much abandoned that component. To keep it up need both
Xcode-9, and the OS that allows Xcode-9 to run.
> At any rate, Keychain Access doesn't display CTK-driven stores.
Yup. ☹
> However, you should be able to find your cert in the general cert store;
> just search
> on your EDIPI or full name.
This is the main point of this post - what's the best way to search for a cert,
and what options (other ways/tools) are there?
> In the worst case, send yourself a signed email and pull the cert from the
> email.
__
On 1/28/21, 11:45, "Jeff Haferman via Fed-talk" <email@hidden>
wrote:
I need to register my CAC in order to access a DoD site
(in this case https://piee.eb.mil/piee-landing/)
Of course the instructions I received assumed an underlying Windows OS
(use Active Client, Internet Explorer, or Edge).
There is one section that says I can do it on a Chrome Browser, but
Chrome ends up opening Keychain Access. When a colleague (on Catalina) does
this, he can see his CAC in Keychain and export his certificates.
On Big Sur, I don't see my CAC certificates. I'm assuming the cause is
Big Sur, but I could be wrong.
Should I be able to see my CAC certificates in Keychain Access on Big
Sur? Or do I need to find a Windows machine?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden