[SmartcardServices-Users] Question from a New Person Testing Smart Cards

[Will Coleman]

Tim,  See below:
-- 



>
>You're looking at completely different certificates.  The PIV minidriver
>shows you the PIV cert with the extended UPN syntax. ActivClient (by
>default) show you the DoD Email Signature cert with the shorter
>EDIPI-only UPN syntax.  (FWIW, they actually use different smartcard
>interfaces; the PIV driver uses NIST SP800-73 and ActivClient uses GSC-IS
>2.1.  AC can use SP800-73 *as well* but it's not on by default in the CAC
>version.)
>
>> Is there a way to query the PIV cert directly on the mac?  I¹m sure that
>> value is there somewhere.
>
>To see the PIV cert on the Mac you need PIV.tokend to take ownership of
>the card.  Currently the CAC.tokend (or CACNG.tokend, if installed) wins
>because securityd prefers it.  You can move the CAC.tokend package *out*
>of /Security/Library/Security/tokend and re-insert the card to drive it
>as a PIV.
>
>-- Tim

Frankly, I don’t have a need to see the PIV cert on the mac, I’m fine with
the CAC token and that works just fine, I just want to setup a consistent
architecture that I can test on both Win7 and Mac, and I posed a separate
question to you in the previous email about disabling Win7 mini-driver
architecture to see if that might work (in addition to killing the AC
software, but I’m supposing that will hose the Win7 machine to see
NOTHING.  But, again, I’m not sure here.