Tim, See below: --
You're looking at completely different certificates. The PIV minidriver shows you the PIV cert with the extended UPN syntax. ActivClient (by default) shows you the DoD Email Signature cert with the shorter EDIPI-only UPN syntax. (FWIW, they actually use different smartcard interfaces; the PIV driver uses NIST SP800-73 and ActivClient uses GSC-IS 2.1. AC can use SP800-73 *as well* but it's not on by default in the CAC version.)
Is there a way to query the PIV cert directly on the Mac? I'm sure that value is there somewhere.
To see the PIV cert on the Mac you need PIV.tokend to take ownership of the card. Currently the CAC.tokend (or CACNG.tokend, if installed) wins because securityd prefers it. You can move the CAC.tokend package *out* of /Security/Library/Security/tokend and re-insert the card to drive it as a PIV.
-- Tim
Frankly, I don’t have a need to see the PIV cert on the Mac; I’m fine with the CAC token and that works just fine. I just want to set up a consistent architecture that I can test on both Win7 and Mac, and I posed a separate question to you in the previous email about disabling Win7 mini-driver architecture to see if that might work (in addition to killing the AC software, but I’m supposing that will hose the Win7 machine to see NOTHING). But, again, I’m not sure here.