Too many certs to choose from

CAC access to secure web sites for Mac OS

Too many certs to choose from

Postby cucco » Tue Aug 09, 2011 9:39 am

Am I the only one experiencing this?
I go to log into a site using Safari 5.x and it asks to select a cert. I'm then presented with a list of over 40 certificates, none of which allow me to enter the site? (All saying the site did not accept the certificate?)

Thoughts?
cucco
 
Posts: 7
Joined: Tue Jul 26, 2011 1:39 pm

Re: Too many certs to choose from

Postby carl » Tue Aug 09, 2011 10:02 am

cucco,

Welcome to the Thursby forums.

The symptoms you've described sound like those from other customers, but different sites and browser versions behave differently. What site you're having problems with? What version of Safari are you using (5.0.x or 5.1)?

Carl
carl
Site Admin
 
Posts: 154
Joined: Wed Feb 23, 2011 5:04 pm
Location: Arlington, Texas

Re: Too many certs to choose from

Postby cucco » Tue Aug 09, 2011 10:07 am

Hi Carl,
Thanks for the very prompt reply and for the welcome.

I've tried using both versions (5.0 and 5.1) of Safari.

One site that I know is giving me this kind of grief is:
https://www.sldcada.disa.mil/

This is the time and attendance website we use. I have added this to my keychain and identity preference.

However, I can sit there at my machine and choose every single cert identity (over 40) and none of them work. Is it normal to have that many "certs" show up (I say "certs" b/c I'm fully aware that there aren't 40 of them on the CAC).

Thanks!
J.
cucco
 
Posts: 7
Joined: Tue Jul 26, 2011 1:39 pm

Re: Too many certs to choose from

Postby carl » Tue Aug 09, 2011 10:27 am

It looks like the prompt to choose a cert is showing all certs from the machine and not just what's on the card. If you can expand that window and send me a screen shot of that list, I'll discuss it with our engineers and see if we can tell why the list is so long. If you'd rather not post here, you can email it to our support address ( support@thursby.com ).

As for the actual problem, the site functions differently based on the browser being used. Would you mind trying Google Chrome ( http://www.google.com/chrome )? If that's not possible, please let me know. Other users have stated that Google Chrome works with this site while Safari doesn't.
carl
Site Admin
 
Posts: 154
Joined: Wed Feb 23, 2011 5:04 pm
Location: Arlington, Texas

Re: Too many certs to choose from

Postby cucco » Wed Aug 10, 2011 10:47 am

E-mail sent.
Thanks!

You'll see by what I sent that there's a long list. However, what you won't see is that this is only about half (a little less than half) of the available certs.

I do also use Chrome, but SLDCADA won't recognize chrome unfortunately.

Thanks!
Jeremy
cucco
 
Posts: 7
Joined: Tue Jul 26, 2011 1:39 pm

Re: Too many certs to choose from

Postby carl » Wed Aug 10, 2011 2:54 pm

I do see the list, and I'm discussing this with our engineers. They have theories, but we don't have anything specific yet.

Would you mind creating a test user account on your Mac? I'd like to do this to determine what process causes this problem. In the new account, open Safari and open https://www.sldcada.disa.mil. I assume you're clicking V22 Login or V23 Login at this point. With this default configuration (PKard was installed already), you should be prompted for a cert. How many certs are listed?

If only 3-4 are listed, then pick the email cert. You should be prompted for your PIN at this point. Does this work?

IMPORTANT
It is very important to know that Safari will not work properly after a failure. If you've selected the wrong cert, quit Safari and relaunch before choosing a new cert.

If you still can't connect, try Google Chrome in this test account.
How many certs does it show?
Select the email cert. Does this work?

If you still cannot get connected, consider trying Google Chrome configured to give a PC User Agent. The best reference we have for this is here.

Please let me know if this helps.

Carl
carl
Site Admin
 
Posts: 154
Joined: Wed Feb 23, 2011 5:04 pm
Location: Arlington, Texas

Re: Too many certs to choose from

Postby tasksaturated » Fri Sep 07, 2012 6:52 am

I am having the same problem as the originator of this thread. I have so far tried Safari (even in developer mode), Firefox and Chrome. In each case there is a problem with the certs. Safari will initially display my CAC certs to choose from, then display a list of ichat certs after my CAC password has been entered. Firefox never even asks for me to select a cert. It immediately returns the following: SSL peer cannot verify your certificate. Chrome only gives me the option of selecting an email cert (not the cert I use when logging in on the gov't brick). After being prompted for my CAC password I get: Error 141 (net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED): Unknown error.

I have tried launching Chrome from the dock and the terminal with the same results.

The new SLDCADA address for me is: https://sso.sldcada.disa.mil/sldcert/login.jsp?ver=23

Is there anything else to try?

Thanks

UPDATE - following removal of the CAC card, the reader, logging out, logging in and a restart, I am able to get to the SLDCADA banner page but no farther.
tasksaturated
 
Posts: 2
Joined: Fri Sep 07, 2012 6:42 am

Re: Too many certs to choose from

Postby michaelwolfe » Tue Sep 11, 2012 8:51 am

tasksaturated,

If you haven't already, please try our Google Chrome Launcher. This will launch Chrome with a different User Agent that may get you past the web servers filters. Our product doesn't support the Firefox browser because it doesn't use Keychain for certificate handling.

Please let me know if this helps.

--Michael
michaelwolfe
 
Posts: 244
Joined: Fri Feb 17, 2012 11:49 am


Return to PKard® for Mac v1

Who is online

Users browsing this forum: No registered users and 1 guest