Safari 5 broke my CAC card
Begin forwarded message:
Mac OS X 10.6.4 made NO changes to Smart Card Services. Check for other issues on your system.
With further testing I isolated the problem to the installation of Safari 5 on 10.6.3 or Safari 5 with 10.6.4, which introduced the pop- up dialog box for CAC certificate choosing, with Safari 5 I get one identity certificate followed by two or four email certificates, none of which works. I'm not the only one whose CAC card was broken by Safari 5, a co-worker in the Center of Computational Science also lost use of his CAC card when Safari 5 was installed on 10.6.3. 1) Clean install of OS X 10.6.3 (build 10D575), no data migration, no extra languages, fonts, or printers 2) launch Safari 4.0.4 & connect to infosec.navy.mil, success 3) Software update including Safari 5 but excluding OS X 10.6.4 4) launch Safari 5, connect to infosec.navy.mil, FAILURE 5) launch Safari 4.0.4 from base OS X 10.6.3, connects successfully 1) Clean install of OS X 10.6.3 (build 10D575), no data migration, no extra languages, fonts, or printers 2) launch Safari 4.0.4 & connect to infosec.navy.mil, success 3) Software Update install Safari 5 only 4) launch Safari 5, connect to infosec.navy.mil, FAILURE 5) launch Safari 4.0.4 from base OS X 10.6.3, connects successfully 6) Configure Mail with IMAP, check new message for encryption and signing - success 1) Clean install of OS X 10.6.3 (build 10D575), no data migration, no extra languages, fonts, or printers 2) Connect to infosec.navy.mil, success 3) Software Update install OS X 10.6.4 only (includes Safari 5) 4) launch Safari 5, connect to infosec.navy.mil, FAILURE 5) launch Safari 4.0.4 from base OS X 10.6.3, connects successfully 6) Configure Mail with IMAP, check new message for encryption and signing - success I also tested my CAC card with my reader (SCRx31 FW 5.2.5) on my home iMac with 10.6.4 and Safari 5, failed there as well. For whatever reason, Safari 5 does not work with a Oberthbur ID One V5.2 Dual CAC card with a SCRx31 FW 5.25 reader. We confirmed that a co-worker's Oberthur CAC does not work with my reader on my machine, but his Oberthur CAC does work with his Omnicard reader on his machine. Michael Kluskens
On Jun 22, 2010, at 9:21 AM, Michael Kluskens wrote:
With further testing I isolated the problem to the installation of Safari 5 on 10.6.3 or Safari 5 with 10.6.4, which introduced the pop- up dialog box for CAC certificate choosing, with Safari 5 I get one identity certificate followed by two or four email certificates, none of which works. I'm not the only one whose CAC card was broken by Safari 5, a co-worker in the Center of Computational Science also lost use of his CAC card when Safari 5 was installed on 10.6.3.
Same results here. This is the behavior we used to see with failing ID prefs. I'm not getting any failures at other sites, though. E.g., AF Portal, AKO, and my base webmail account are all working w/ Safari 5 on 10.6.4. -- Tim
On Jun 23, 2010, at 8:53:51 AM, Miller, Timothy J. wrote:
Same results here. This is the behavior we used to see with failing ID prefs.
I'm not getting any failures at other sites, though. E.g., AF Portal, AKO, and my base webmail account are all working w/ Safari 5 on 10.6.4.
On Jun 23, 2010, at 7:24:41 AM, Peter Walsh wrote:
Sometimes I find even though I have set an identity preference in Keychain that if Safari can't see the card it will offer the dialog (which never works). The result is a new identity pref is automatically created in Keychain with the cert selected in the dialog. Safari won't work due to these multipe identities. I delete the new identity pref, then it works fine.
I have only three sites that I can test with, 2 out of 3 fail. Also I get failures with a clean systems: format, install, update, with nothing bought over from any other disk. It appears to be related to the new feature in Safari that prompts for the certificate, when it works it is great, when it fails it is worse then useless. Michael Kluskens
participants (2)
-
Michael Kluskens
-
Miller, Timothy J.