![]() ![]() p policy Specify policy constraint (ssl, smime, codeSign, IPSec, iChat,īasic, swUpdate, pkgSign, pkinitClient, pkinitServer, eap) r resultType resultType = trustRoot|trustAsRoot|deny|unspecified d Add to admin cert store default is user You can accomplish this via the CLI security command or of course via the GUI of Keychain Access. ![]() To be more accurate, you can set the Trust Anchor to be any Cert within the Trust Path, since Mac OS X support a multi-tiered Trust Model. Note that the Root Cert "DoD JITC Root CA 2" is not part of the "System Root" (immutable Root Store) and hence would require that you enable trust for that Root CA - Mac OS X requires administrative trust set for Anchors not pre-shipped by Apple. I am sure I didn't have to do the security command before. The odd part of this is that I have this working since last May with the Mac and Windows. Thanks for the help from you and all the forum people who responded. I don't need touch anything on the Mac side. ![]() As soon as I get the correct URL from DISA to download and install the latest root certs to my CA host, everything's back to normal. Next message: DoD ECA Certificates - Hardware vs Software with the Mac.JITC CAC card gets " An untrusted certificate authority was detected while processing the smart card certificate used for authentication" login error. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |