Re: [Fed-Talk] [EXT] SMIME Certificate Publication Into GAL
Re: [Fed-Talk] [EXT] SMIME Certificate Publication Into GAL
- Subject: Re: [Fed-Talk] [EXT] SMIME Certificate Publication Into GAL
- From: "Timothy J. Miller via Fed-talk" <email@hidden>
- Date: Tue, 12 Sep 2023 16:15:37 -0400
"Volmer, John A. via Fed-talk" <email@hidden> writes:
> - I know Outlook for Windows can push SMIME certificates to the GAL.
>
> - But I suspect that something on the Mac can also push SMIME certificates to
> the GAL. (Based on an experience from 10
> months ago. But I never determined the exact culprit.)
Depends which LDAP attribute. userSMIMECertificate is typically managed by
Outlook/Win, and AFAIK Outlook/Mac doesn't. OTOH, it's not a hard attribute to
manage, so it's entirely possible to tool it up with a client. B/c that
attribute is a user-signed object, it has to have access to the private key, so
there's gotta be some tool on the user-side. I will mention in most of the
environments I've supported, Mac users are usually told to find a Windows box
just to do this publication.
If it's userCertificate, IME this is populated by backend directory replication
from the issuer's cert issuance directory into AD. It's just a plain cert, so
this works. Orgs tend to do this b/c Outlook *will* use it if
userSMIMECertificate is absent.
--
-- T
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden