Re: [SmartcardServices-Users] MacOS Sierra version
When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more. ___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov> Content-Type: text/plain; charset="utf-8" I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong. Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all. Brian
I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too. Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working. I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere? Brian On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D < john.l.daly@navy.mil> wrote:
When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more.
___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov> Content-Type: text/plain; charset="utf-8"
I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong.
Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all.
Brian _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov *********************************************
As far as I’ve seen, no third party applications work with Sierra’s built in Smart Card support, only Safari and Mail. Installing CACkey allowed me to use my CAC with Firefox, Pulse Secure, Chrome, and Adobe Reader, in addition to Mail and Safari. I’m not sure if CACkey works with PIV cards. - David
On Dec 19, 2016, at 10:33 AM, Shiro, Brian <bshiro@usgs.gov> wrote:
I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too.
Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working.
I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere?
Brian
On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D <john.l.daly@navy.mil> wrote: When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more.
___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov> Content-Type: text/plain; charset="utf-8"
I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong.
Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all.
Brian _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov *********************************************
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
Thank you, David. I'll try CACkey. On Mon, Dec 19, 2016 at 8:48 AM, David Mueller < david.mueller@spawar.navy.mil> wrote:
As far as I’ve seen, no third party applications work with Sierra’s built in Smart Card support, only Safari and Mail. Installing CACkey allowed me to use my CAC with Firefox, Pulse Secure, Chrome, and Adobe Reader, in addition to Mail and Safari. I’m not sure if CACkey works with PIV cards.
- David
On Dec 19, 2016, at 10:33 AM, Shiro, Brian <bshiro@usgs.gov> wrote:
I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too.
Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working.
I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere?
Brian
On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D < john.l.daly@navy.mil> wrote: When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more.
___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov> Content-Type: text/plain; charset="utf-8"
I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong.
Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all.
Brian _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov *********************************************
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov *********************************************
Have you contacted Pulse Secure support to see what they recommend?
On Dec 19, 2016, at 12:33 PM, Shiro, Brian <bshiro@usgs.gov> wrote:
I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too.
Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working.
I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere?
Brian
On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D <john.l.daly@navy.mil <mailto:john.l.daly@navy.mil>> wrote: When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more.
___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov <mailto:bshiro@usgs.gov>> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org <mailto:smartcardservices-users@lists.macosforge.org>> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov <mailto:85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov>> Content-Type: text/plain; charset="utf-8"
I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong.
Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all.
Brian _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org <mailto:SmartcardServices-Users@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users <https://lists.macosforge.org/mailman/listinfo/smartcardservices-users>
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov <mailto:bshiro@usgs.gov> *********************************************
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
Thursby has been belly belly good for me. ☺ MacOS 10.12.2 Cisco VPN 3.1.13015 SCR 3500 From: "Shiro, Brian" <bshiro@usgs.gov> Date: Monday, December 19, 2016 at 1:33 PM To: "smartcardservices-users@lists.macosforge.org" <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too. Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working. I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere? Brian On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D <john.l.daly@navy.mil<mailto:john.l.daly@navy.mil>> wrote: When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more. ___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov<mailto:bshiro@usgs.gov>> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org<mailto:smartcardservices-users@lists.macosforge.org>> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov<mailto:85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov>> Content-Type: text/plain; charset="utf-8" I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong. Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all. Brian _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org<mailto:SmartcardServices-Users@lists.macosforge.org> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users -- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov<mailto:bshiro@usgs.gov> *********************************************
Thank you, all. CACkey worked for me. On Mon, Dec 19, 2016 at 9:23 AM, Sur, Douglas (NIH/CSR) [E] < douglas.sur@nih.gov> wrote:
Thursby has been belly belly good for me. J
MacOS 10.12.2
Cisco VPN 3.1.13015
SCR 3500
*From: *"Shiro, Brian" <bshiro@usgs.gov> *Date: *Monday, December 19, 2016 at 1:33 PM *To: *"smartcardservices-users@lists.macosforge.org" < smartcardservices-users@lists.macosforge.org>
*Subject: *Re: [SmartcardServices-Users] MacOS Sierra version
I typed "security export-smartcard" in the terminal. Indeed, it knows the Smart Card is there and correctly displayed the certificates, private keys, and identities on the card. I'm using a SCR3500 reader on a new MacBook Pro in this case. I get the same result with SCR3311 on an iMac too.
Something is still amiss, as I can't get Pulse Secure to connect to our protected network via VPN. In El Capitan, installing Smart Card Services (or Centrify) was a prerequisite to getting Pulse Secure working.
I wouldn't know where to begin in manually extracting the relevant pieces from the OS 10.11 installer and putting them on my machine. Is there a description of what to do somewhere?
Brian
On Mon, Dec 19, 2016 at 7:39 AM, Daly, John L CIV NAVAIR, 4G0000D < john.l.daly@navy.mil> wrote:
When you are just using the built-in Sierra setup, and you insert your smartcard, what happens when you type security export-smartcard at the terminal? There doesn't seem to be any other way of telling if it actually reads your smartcard. it does not show up in the keychain any more.
___________________________________ Message: 4 Date: Mon, 19 Dec 2016 07:01:24 -1000 From: Brian Shiro <bshiro@usgs.gov> To: Smart Card Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] MacOS Sierra version Message-ID: <85253D72-E765-4E9D-B6C3-B4CC1CECFC85@usgs.gov> Content-Type: text/plain; charset="utf-8"
I tried the El Capitan version of Smart Card Services on Sierra with no success. The installer gave up immediately with an error saying the OS was wrong.
Hoping Sierra's new built-in Smart Card tokends might work without having to install anything extra, I had tried that first. That too did not work. I did not know I had a Smart Card reader connected at all.
Brian
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
--
*********************************************
Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory
1-808-967-8803 (UTC-10 HST)
1-808-265-1415 mobile
bshiro@usgs.gov
*********************************************
-- ********************************************* Brian Shiro Seismic Network Manager USGS Hawaiian Volcano Observatory 1-808-967-8803 (UTC-10 HST) 1-808-265-1415 mobile bshiro@usgs.gov *********************************************
participants (5)
-
Carl Ketterling
-
Daly, John L CIV NAVAIR, 4G0000D
-
David Mueller
-
Shiro, Brian
-
Sur, Douglas (NIH/CSR) [E]