Problems accessing Certificates on ActivKey
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices ( https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it? I have a great new macbook pro that I cannot use for work due to this problem. Thanks, Alvaro
On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau@gmail.com> wrote:
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices (https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
I have a great new macbook pro that I cannot use for work due to this problem.
Alvaro, I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey. That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting. You can always file a Ticket on this as well: https://smartcardservices.macosforge.org/trac/newticket In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend - Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
Thanks for the prompt response Shawn, What are the free and commercial alternatives? I would like to try everything I can get my hands on. Cheers, A. Un saludo, Alvaro On Tue, Apr 23, 2013 at 5:57 PM, Shawn Geddis <geddis@apple.com> wrote:
On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau@gmail.com> wrote:
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices ( https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
I have a great new macbook pro that I cannot use for work due to this problem.
Alvaro,
I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey. That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting.
You can always file a Ticket on this as well: https://smartcardservices.macosforge.org/trac/newticket
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com
MacOSForge: *Smart Card Services* Project Lead:
Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
Alvaro, As noted in previous message, you have several vendors who support Tokend on OS X...
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________ On Apr 23, 2013, at 12:05 PM, Alvaro <alvaro.picapau@gmail.com> wrote:
Thanks for the prompt response Shawn,
What are the free and commercial alternatives? I would like to try everything I can get my hands on.
Cheers, A.
Un saludo,
Alvaro
On Tue, Apr 23, 2013 at 5:57 PM, Shawn Geddis <geddis@apple.com> wrote: On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau@gmail.com> wrote:
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices (https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
I have a great new macbook pro that I cannot use for work due to this problem.
Alvaro,
I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey. That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting.
You can always file a Ticket on this as well: https://smartcardservices.macosforge.org/trac/newticket
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
Thanks Shawn, You mentioned that you dont support ActivKey, but it was actually working great before my certificate expired and IT set a new one. The case is the similar as http://smartcardservices.macosforge.org/trac/ticket/90 (Where I posted a comment). As I said, I had the same problem on linux with coolkey and solved it using a patched version to support multi slots. It seems like new ActiveClient software uses non standard slots to store certificates. Any chance the CAC tokend can be updated to support this? Thanks, A. Un saludo, Alvaro On Tue, Apr 23, 2013 at 6:14 PM, Shawn Geddis <geddis@apple.com> wrote:
Alvaro,
As noted in previous message, you have several vendors who support Tokend on OS X...
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com
MacOSForge: *Smart Card Services* Project Lead:
Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
On Apr 23, 2013, at 12:05 PM, Alvaro <alvaro.picapau@gmail.com> wrote:
Thanks for the prompt response Shawn,
What are the free and commercial alternatives? I would like to try everything I can get my hands on.
Cheers, A.
Un saludo,
Alvaro
On Tue, Apr 23, 2013 at 5:57 PM, Shawn Geddis <geddis@apple.com> wrote:
On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau@gmail.com> wrote:
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices ( https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
I have a great new macbook pro that I cannot use for work due to this problem.
Alvaro,
I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey. That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting.
You can always file a Ticket on this as well: https://smartcardservices.macosforge.org/trac/newticket
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
Alvaro, Updates could be done to support all types of devices and profiles. I just did not want to promise something that you needed in a timely manner. You have options and if you are desperate and need this now, I can say it would not be a short turnaround. We are always looking to added support for more, but time is not always on our side. It all comes down to the need for the Tokend modules to be updated to support more compliant profiles. I will be quick to acknowledge that the current Tokend modules are not fully compliant with the current/active specifications and hence there are situations like your where the Tokend recognizes the profile, but fails to properly populate the objects for use by the Keychain Services. A need for updates rather than a regression, but I know that does not provide you any solace. - Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________ On Apr 23, 2013, at 2:32 PM, Alvaro <alvaro.picapau@gmail.com> wrote:
Thanks Shawn,
You mentioned that you dont support ActivKey, but it was actually working great before my certificate expired and IT set a new one. The case is the similar as http://smartcardservices.macosforge.org/trac/ticket/90 (Where I posted a comment).
As I said, I had the same problem on linux with coolkey and solved it using a patched version to support multi slots. It seems like new ActiveClient software uses non standard slots to store certificates.
Any chance the CAC tokend can be updated to support this?
Thanks, A.
Un saludo,
Alvaro
On Tue, Apr 23, 2013 at 6:14 PM, Shawn Geddis <geddis@apple.com> wrote: Alvaro,
As noted in previous message, you have several vendors who support Tokend on OS X...
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
- Shawn ______________________________________________________ Shawn Geddis geddis@me.com Enterprise Security Consulting Engineer, Apple geddis@apple.com
MacOSForge: Smart Card Services Project Lead: Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo ______________________________________________________
On Apr 23, 2013, at 12:05 PM, Alvaro <alvaro.picapau@gmail.com> wrote:
Thanks for the prompt response Shawn,
What are the free and commercial alternatives? I would like to try everything I can get my hands on.
Cheers, A.
Un saludo,
Alvaro
On Tue, Apr 23, 2013 at 5:57 PM, Shawn Geddis <geddis@apple.com> wrote: On Apr 23, 2013, at 10:25 AM, Alvaro <alvaro.picapau@gmail.com> wrote:
Hi all, I have installed latest version of the Mountain Lion drivers and when I open the Keychain, all I can see is an empty keystore for the CAC device. There are no certificates listed. I had a similar problem on ubuntu last year when my employer updated my certificates and I solved it by installing a patched version of coolkey with support for multislot devices (https://bugzilla.redhat.com/show_bug.cgi?id=826286). Do you know if the CAC tokend support this kind of configuration? Any idea what can be the problem and how to solve it?
I have a great new macbook pro that I cannot use for work due to this problem.
Alvaro,
I believe what you are facing, unfortunately, is that we do not currently have support for ActivKey. That is unfortunate for you and others in the same situation, but you do currently have alternatives in potentially obtaining both free and purchasable support for these cards from the commercial and open source players right now without waiting.
You can always file a Ticket on this as well: https://smartcardservices.macosforge.org/trac/newticket
In the meantime, take a quick look at the bottom of the Tokend Page of the Project Wiki for vendors providing support: https://smartcardservices.macosforge.org/trac/wiki/tokend
participants (2)
-
Alvaro
-
Shawn Geddis