killonatural.blogg.se

1. CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED MAC OS X
2. CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED INSTALL
3. CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED SOFTWARE
4. CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED CODE
5. CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED PASSWORD

In my case I needed the US GOV Health and Human Services (HHS) intermediate certificates and the best online resource I found for HHS certificates needed for PIV cards is actually over on a NIH hosted site: The source of trust chain certificates almost certainly depends on what agency you work for or are trying to access.

CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED INSTALL

The solution is to go out and install the intermediate certificates necessary to build the full lenght trust chain. OS X Yosemite does not “trust” the Certificate Authorities that signed my PIV card certificates. Keychain Assistant helpfully throws up the red text saying: “ This certificate was signed by an unknown authority” This may not be an issue for an upgraded system but on my brand new laptop my host OS was missing the intermediate certificate trust chain.

CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED SOFTWARE

If your USB reader and the PKard software are working, Yosemite 10.10 can now “see” the crypto info stored on the PIV cardįix the Trust Chain (If your PIV certificate is not trusted) What you want to see is the certificates and credentials that are stored on the smart card. Getting the PIV card to work on 10.10 YosemiteĪttach your reader, use the OS X “About this Mac” -> “System Report” function to verify that your computer and OS actually see and recognize a smart card device:

A perfect example of this is and – the site that I turned to first when looking for OS X Yosemite PIV/smartcard status info. It’s a very slick and interesting system.įrom what I can tell, PIV cards are very similar to the CAC cards carried by military members that are often required for secure web browsing and access to military resources In fact, when searching the internet for PIV assistance you will find that some of the best help resources are coming from the military CAC-user community.

CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED CODE

Two-factor authentication is achieved by having to punch in a PIN code when my certs are presented to the remote system. When I’m trying to physically enter a building the PIV card is my secure photo ID badge (with backup biometrics and fingerprints stored o it) - when I try to enter a US Government network “virtually” the same PIV card doubles as VPN access device because it contains a personal set of crypto keys that uniquely identify me. The way I connect is via a federal standard PIV Card which is a very cool physical badge that doubles as a holder of biometric and personal crypto certificate information.

I do some subcontracting work for a few US Government agencies, one of which requires me to be able to connect remotely to US.GOV networks and infrastructure. This was not something I needed to do on OS X 10.7 or 10.7 with the open source smart card software stack.

CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED PASSWORD

It did, however work fast and got me successfully logged onto the remote VPN server.Ĭurrent status: Thursby PKard software works well on Yosemite for VPN access but the Windows desktop I get sent to via a Citrix client reports “no valid certificates” and I’m forced to use my standard user login name and password to complete the final authentication. I expect the state of open source smart card and tokend implementations to get better and more easily usable on Yosemite so I may only be using the Thursday product for a short time. This will change but if you are in a hurry (as I was) the best thing you can do in the short term is pay $29.95 for the Thursby PKard software from - it installed seamlessly and allowed me to login via VPN although for some reason my certificates were not passed on to the Windows remote desktop system, hopefully I don’t need the $179 “ADmitMac” product for that. As of the time I wrote this article, the state of freely available open source software for PIV smart card support on Yosemite is pretty lacking. I need to use a HHS PIV card to remotely access computer systems from a brand new Macbook air running OS X 10.10 Yosemite. Still – consider the Centrify software if you don’t want to spend $29. Still no idea why this is happening – on other versions of OS X my smart card credentials transparently passed onto the OS. Long story short: It works to get past the VPN gateway but throws the same “no valid certificates found” error when trying to login to the Windows desktop via a Citrix Receiver client. I just had a chance to test the new Yosemite 10.10 compatible free SmartCard utility from Centrfy mentioned here: The bulk of this post concerns the $29 Pkard product from Thursby which is the first I found with explicit OS X 10.10 support. If this is bothering or interesting you, you may want to monitor this URL:

There is an active Citrix support thread on the “no valid certificates found” issue. Note: This entire post is basically google search bait designed to (hopefully) allow others struggling with the same issues to save a bit of time.

CENTRIFY EXPRESS FOR MAC SMART CARD CARD IS LOCKED MAC OS X

Using PIV smart cards for HHS VPN login with Mac OS X 10.10 Yosemite