Problem recognizing Apple's Root Certification Authority cert
I had no issue installing the Smart Card Services Update 2.0.b2 for Mountain Lion on one of my 10.8.2 machines (one that already had developer tools installed), however on a clean 10.8.2 machine. I'm unable to install the package, even after manually adding the certificate to my login key chain. I'm getting the same error that Thomas Carroll reported on Nov 8th to the list. What am I missing with my certificate install that the OS still thinks the update is untrusted? Thanks for the help, David
On Dec 7, 2012, at 4:20 PM, "Kasprzyk, David C" <david.c.kasprzyk@boeing.com> wrote:
I had no issue installing the Smart Card Services Update 2.0.b2 for Mountain Lion on one of my 10.8.2 machines (one that already had developer tools installed), however on a clean 10.8.2 machine. I'm unable to install the package, even after manually adding the certificate to my login key chain. I'm getting the same error that Thomas Carroll reported on Nov 8th to the list. What am I missing with my certificate install that the OS still thinks the update is untrusted?
David, The best/easiest method to determine the evaluation status of a certificate is to perform the following: 1) Launch Keychain Access 2) Select (highlight) either the Intermediate Certificate or the Certificate used to sign the installer (Intermediate Cert: "Apple Worldwide Developer Relations Certification Authority") (Code Signing Cert: "Mac Developer: Shawn Geddis (732BB4NPDQ)" 3) Select Keychain Access-->Certificate Assistant-->Evaluate "<name of selected certificate>"... 4) Select "Generic (certificate chain validation only) 5) Notice the "Certificate Status" -- should be "Good" You will see the status of the Certificate as well as be able to click on the "Show Certificate..." to see the complete Certificate Chain used for Trust Validation for this certificate. What do you see on yours ? You can submit a ticket at the Project and proceed that way as well. - Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
Thanks Shawn, I just got my user to check this on his machine. Keychain reports: Evaluation Status: Success Certificate Status: Good This is the same as on my MBP where the install worked. We retested the install and got the same error. Thoughts? David On 12/10/12 8:30 AM, "Shawn Geddis" <geddis@me.com> wrote:
On Dec 7, 2012, at 4:20 PM, "Kasprzyk, David C" <david.c.kasprzyk@boeing.com> wrote:
I had no issue installing the Smart Card Services Update 2.0.b2 for Mountain Lion on one of my 10.8.2 machines (one that already had developer tools installed), however on a clean 10.8.2 machine. I'm unable to install the package, even after manually adding the certificate to my login key chain. I'm getting the same error that Thomas Carroll reported on Nov 8th to the list. What am I missing with my certificate install that the OS still thinks the update is untrusted?
David,
The best/easiest method to determine the evaluation status of a certificate is to perform the following:
1) Launch Keychain Access 2) Select (highlight) either the Intermediate Certificate or the Certificate used to sign the installer (Intermediate Cert: "Apple Worldwide Developer Relations Certification Authority") (Code Signing Cert: "Mac Developer: Shawn Geddis (732BB4NPDQ)" 3) Select Keychain Access-->Certificate Assistant-->Evaluate "<name of selected certificate>"... 4) Select "Generic (certificate chain validation only) 5) Notice the "Certificate Status" -- should be "Good"
You will see the status of the Certificate as well as be able to click on the "Show Certificate..." to see the complete Certificate Chain used for Trust Validation for this certificate.
What do you see on yours ?
You can submit a ticket at the Project and proceed that way as well.
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com
MacOSForge: Smart Card Services Project Lead:
Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
David, I would suggest that you submit a ticket [http://smartcardservices.macosforge.org/trac/newticket] with screen shots, logs. Since the installer is successful when the proper Intermediate CA Certificate is available, sounds like we still have some challenges on that end. Also, what is your Gatekeeper setting ? - Mac App Store - Mac App Store and identified developers - Anywhere Having this set to anything other than "Anywhere" or not manually overriding (<control> & "Open...") the setting temporarily will prevent the launch of the installer as well. - Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________ On Dec 17, 2012, at 3:04 PM, "Kasprzyk, David C" <david.c.kasprzyk@boeing.com> wrote:
Thanks Shawn,
I just got my user to check this on his machine. Keychain reports:
Evaluation Status: Success Certificate Status: Good
This is the same as on my MBP where the install worked. We retested the install and got the same error.
Thoughts?
David
On 12/10/12 8:30 AM, "Shawn Geddis" <geddis@me.com> wrote:
On Dec 7, 2012, at 4:20 PM, "Kasprzyk, David C" <david.c.kasprzyk@boeing.com> wrote:
I had no issue installing the Smart Card Services Update 2.0.b2 for Mountain Lion on one of my 10.8.2 machines (one that already had developer tools installed), however on a clean 10.8.2 machine. I'm unable to install the package, even after manually adding the certificate to my login key chain. I'm getting the same error that Thomas Carroll reported on Nov 8th to the list. What am I missing with my certificate install that the OS still thinks the update is untrusted?
David,
The best/easiest method to determine the evaluation status of a certificate is to perform the following:
1) Launch Keychain Access 2) Select (highlight) either the Intermediate Certificate or the Certificate used to sign the installer (Intermediate Cert: "Apple Worldwide Developer Relations Certification Authority") (Code Signing Cert: "Mac Developer: Shawn Geddis (732BB4NPDQ)" 3) Select Keychain Access-->Certificate Assistant-->Evaluate "<name of selected certificate>"... 4) Select "Generic (certificate chain validation only) 5) Notice the "Certificate Status" -- should be "Good"
You will see the status of the Certificate as well as be able to click on the "Show Certificate..." to see the complete Certificate Chain used for Trust Validation for this certificate.
What do you see on yours ?
You can submit a ticket at the Project and proceed that way as well.
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com
MacOSForge: Smart Card Services Project Lead:
Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
participants (2)
-
Kasprzyk, David C
-
Shawn Geddis