[SmartcardServices-Users] Searching Directory Services for certificates in Lion
Shawn Geddis
geddis at me.com
Fri Mar 2 23:15:17 PST 2012
Keep in mind that you need to have enabled this in Keychain Access by selecting the “Search directory services for certificates” and having the appropriate Directory Server configured via Directory Utility.
If you have both KA & DU configured properly, you should file a bug and provide extensive profile/logging information.
Running the command line simply verifies the the system CAN locate a certificate, but be careful of the case sensitivity on the local part of the RFC822Name as we had noted so many times no this list. If you are trying to encrypt a message to someone and you are entering their address using an alternate version of the address (ie. case variance) then Mail will not be able to locate and use the certificate.
> Even searching the contact in the GAL displays the correct cert for the contact.
What are you performing to do a search in the GAL, Address Book ? dscl ? using Outlook ?
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
On Feb 29, 2012, at 12:11 PM, Hoit, Daniel S. wrote:
> Seeing the same issue here. Address book works fine, but Mail won't pull from DS. If the certs in the login keychain it works, but its not working from DS.
>
> --DH
>
> On Feb 16, 2012, at 10:30 AM, JEFFREY COMPTON wrote:
>> Is anyone else having trouble with Mail.app in Lion searching directory services for certificates?
>>
>> From command line - it works like a charm - for example --
>>
>> security find-certificate -e mycoworker at ourdomain.org -p > downloadedcert.pem; security import downloadedcert.pem -k login.keychain
>>
>> But from Mail.app - no go.
>>
>> Even searching the contact in the GAL displays the correct cert for the contact.
>>
>> Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4360 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20120303/723e60d2/attachment.bin>
More information about the SmartcardServices-Users
mailing list