two observed Snow Leopard anomalies relating to PKI/smartcard/certs
This should not be construed as a complaint (or a bug report), I'm still trying to understand these (operating system is Snow Leopard fully patched):
1. With PKard 1.1 installed, it seems that I cannot log onto my account if it's FileVault protected. I get something like 'account not available'. Removing the card and rebooting fixes that problem.
2. In Mail.app, if I get an email from someone whose Cert depends on a DoD Intermediate Cert that is not loaded in Keychain.app (e.g. CA-25), the message is marked as 'not trusted'. If I click on that box and tell Mail "always trust this cert", both Mail.app and Keychain.app hang. This generally messes up the machine sufficiently that a reboot is necessary.
Has anyone else observed these?
dave
A coworker and myself also experienced trouble with trusting certificates in Snow Leopard. The trust action would not succeed in Keychain Access and SSL stopped working elsewhere until I rebooted. It seemed to happen only when my smart card (CAC) was in its reader. Without the card in the reader, trusting certificates worked fine. My coworker was also able to trust a certificate successfully after removing his CAC.
I'm running Lion now and don't see the same behavior. I trusted and untrusted a few times without any hanging or general messing up of my machine.
-Suzanne
On Oct 4, 2011, at 3:22 PM, David Emery wrote:
This should not be construed as a complaint (or a bug report), I'm still trying to understand these (operating system is Snow Leopard fully patched):
1. With PKard 1.1 installed, it seems that I cannot log onto my account if it's FileVault protected. I get something like 'account not available'. Removing the card and rebooting fixes that problem.
2. In Mail.app, if I get an email from someone whose Cert depends on a DoD Intermediate Cert that is not loaded in Keychain.app (e.g. CA-25), the message is marked as 'not trusted'. If I click on that box and tell Mail "always trust this cert", both Mail.app and Keychain.app hang. This generally messes up the machine sufficiently that a reboot is necessary.
Has anyone else observed these?
dave
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
If you're just interested in the intermediate DoD certs, there's an easier way than manually adding and trusting all of them. Go into Keychain Access and add /System/Library/Keychains/SystemCACertificates.keychain to your list of keychains. This keychain contains all the DoD intermediate certs and some other intermediate certs that don't show up in Keychain Access by default.
-Brian
On 10/4/11 3:54 PM, "Suzanne Stevens, Contractor, Code 5595" <suzanne.stevens.ctr@nrl.navy.mil> wrote:
A coworker and myself also experienced trouble with trusting certificates in Snow Leopard. The trust action would not succeed in Keychain Access and SSL stopped working elsewhere until I rebooted. It seemed to happen only when my smart card (CAC) was in its reader. Without the card in the reader, trusting certificates worked fine. My coworker was also able to trust a certificate successfully after removing his CAC.
I'm running Lion now and don't see the same behavior. I trusted and untrusted a few times without any hanging or general messing up of my machine.
-Suzanne
On Oct 4, 2011, at 3:22 PM, David Emery wrote:
This should not be construed as a complaint (or a bug report), I'm still trying to understand these (operating system is Snow Leopard fully patched):
1. With PKard 1.1 installed, it seems that I cannot log onto my account if it's FileVault protected. I get something like 'account not available'. Removing the card and rebooting fixes that problem.
2. In Mail.app, if I get an email from someone whose Cert depends on a DoD Intermediate Cert that is not loaded in Keychain.app (e.g. CA-25), the message is marked as 'not trusted'. If I click on that box and tell Mail "always trust this cert", both Mail.app and Keychain.app hang. This generally messes up the machine sufficiently that a reboot is necessary.
Has anyone else observed these?
dave
participants (3)
- David Emery
- Reese, Brian, CTR, Fort Meade-IRM
- Suzanne Stevens, Contractor, Code 5595