


NOTE: If you wish to start with a Keychain free of any DOD certificates, search your login and system keychains for any DOD Root, DOD ID, DOD ID SW, and DOD EMAIL certificates, then delete them.

The Mac OS relies heavily on the information you put in the Keychain. When you're installing the various DOD certificates into the Keychain, you're essentially telling the Mac OS how it should handle the certificate and any certificates issued by that server.

Of the various DOD certs, the most important will be the DOD Root certs. A root certificate is the top-most certificate of the tree, which means all other certificates further down the tree depend on the trustworthiness of the root. As long as you have the correct DOD Root CA certs installed, trusted, and don't have any duplicates, the rest of the various DOD certs shouldn't show any issues of validation in your Keychain.

This has become even more important since macOS High Sierra was released. I have seen situations where users do not get prompted to select a certificate or enter their PIN, or only see a '.' certificate in the selection window. My best conclusion is that the Keychain is unable to determine the validity of the CAC certificates, and therefore does not allow you to select them for authentication.

Now let's get started by adding the DoD Root CA certs into your Keychain. Use the following links to download the certificates, and then drag them into your 'System' Keychain:

Once they are in your Keychain, they will most likely have a red x next to them. Open each certificate individually, tap the arrow next to the Trust Settings, click the first drop-down menu and select Always Trust, then close the window and enter your Mac password when prompted.
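The "no duplicates" condition above can be checked from Terminal instead of by eye. The script below is an added example, not part of the original guide: it assumes the record layout printed by `security find-certificate -a -Z` (a `SHA-1 hash:` line, a `keychain:` line and a `"labl"` attribute per certificate) and the default login keychain path; the certificate labels, fingerprints and user name in the sample are constructed.

```shell
#!/bin/sh
# Added example: list certificates that appear more than once across keychains.
# Assumed input: output of `security find-certificate -a -Z` on macOS.

# Prints "<label> TAB <copies> TAB <distinct SHA-1s> TAB <keychains>" for every
# certificate label that occurs more than once on stdin.
dup_certs() {
  awk '
    /^SHA-1 hash:/ { sha = $3 }   # fingerprint line precedes each record
    /^keychain:/   { kc = $0; sub(/^keychain: "/, "", kc); sub(/"[ \t]*$/, "", kc) }
    /"labl"<blob>="/ {
      label = $0
      sub(/^.*"labl"<blob>="/, "", label); sub(/"[ \t]*$/, "", label)
      if (label in count) { where[label] = where[label] "," kc } else { where[label] = kc }
      count[label]++
      if (!((label, sha) in seen)) { seen[label, sha] = 1; fps[label]++ }
    }
    END {
      for (l in count) {
        if (count[l] > 1) { printf "%s\t%d\t%d\t%s\n", l, count[l], fps[l], where[l] }
      }
    }' | sort
}

# Constructed sample: placeholder fingerprints and labels, hypothetical user "example".
sample_listing() {
  cat <<'EOF'
SHA-1 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
keychain: "/Library/Keychains/System.keychain"
attributes:
    "labl"<blob>="DoD Root CA X1"
SHA-1 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
keychain: "/Users/example/Library/Keychains/login.keychain-db"
attributes:
    "labl"<blob>="DoD Root CA X1"
SHA-1 hash: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
keychain: "/Library/Keychains/System.keychain"
attributes:
    "labl"<blob>="DoD Root CA X2"
EOF
}

# On a Mac: scan the login and System keychains, keep only DOD entries.
scan_keychains() {
  security find-certificate -a -Z "$HOME/Library/Keychains/login.keychain-db" \
    /Library/Keychains/System.keychain | dup_certs | grep -i 'dod'
}

sample_listing | dup_certs   # demo run on the constructed sample
```

Run `scan_keychains` on the Mac itself; a label with one distinct fingerprint is the same certificate stored twice, while more than one fingerprint means different certificates share that name.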
