Whenever you upgrade your operating system (OS), you will need to CAC-enable (i.e. Public Key Enable) the system all over again. You should refer to the instructions and downloads available from the web pages under Getting Started for End Users (Mac) on DISA's Information Assurance Support Environment (IASE) website. You will need middleware to use your CAC on OS X. The instructions on IASE will direct you to Smartcard Services (middleware) downloads from Mac OS forge. Smartcard Services will work for most CACs and readers, however, if you do not see your CAC keychain in the Keychain Access.app after installing the Smartcard Services package and inserting your CAC in the card reader, then I recommend using another free middleware called Centrify Express.
Certificate authentication requires your Mac’s time be in sync with the server you are connecting to, so if for some reason your Mac’s time is off, then you may get these errors. To fix this, go to the Date & Time system preferences, and ensure the option to “Set date and time automatically” is checked (click the lock to authenticate if. But if you just want to download the server certificate, there is no need to specify -showcerts. Echo -n gives a response to the server, so that the connection is released. Sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' removes information about the certificate chain and connection details. This is the preferred format to import the.
Aside from installing middleware, you need to download and import the DoD Root and Intermediate Certificates in your Keychain Access. Most of the DoD certificates are available if you add the 'SystemCACertificates' keychain using the File > Add Keychain option and navigating through the folders to Macintosh HD > System > Library > Keychains. You need to download and import a few certificates into the 'login' keychain, such as DOD ROOT CA 2 (3 certificates total), DOD ROOT CA 3, and any intermediate certificates that issued the certificates on your CAC, which are greater than DOD CA-30 (such as DOD CA-31, DOD EMAIL CA-31, DOD CA-32, DOD EMAIL CA-32, DOD ID CA-33, DOD EMAIL CA-33, DOD ID CA-34, DOD EMAIL CA-34, etc.). Go to the Cross-Certificate Chaining Issue page to download two zip files (i.e.Certificates_PKCS7_v4.1u4_DoD.zip and unclass-irca1_dodroot_ca2.zip, then use the File > Import Certificate option to add the certificates to the 'login' keychain. All DoD Intermediate Certificates are available for download (one-by-one) from the DoD PKI Management website at https://crl.gds.disa.mil/ (download the Certificate Authority Certificate, not the Certificate Revocation List, i.e. CRL) for each certificate.
Company: Southwest I.T. Solutions
Keychain Access User Guide
A certificate file can be shared between computers. You can add certificates to your keychain for quick access to secure websites and other resources.
On your Mac, drag the certificate file onto the Keychain Access icon or double-click the certificate file.
To view the contents of the certificate before you add it, click Show Certificates in the dialog, then click OK when you’re done.
If you’re asked to provide a name and password, type the name and password for an administrator user on this computer.