Repeated Error 141 on Mountain Lion - Chrome & Safari
02-05-2013 01:59 PM
I recently installed your software, followed the instructions to select the correct certificate to access US DoD webmail, and I've tried repeatedly to connect to the server.
Unfortunately, both Chrome and Safari continue to ask me to select a certificate and provide my CAC PIN. When I type this into the computer, I'm directed to a failure webpage with "Error 141 (net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED): Unknown error."
I have an Oberthur ID One 128 v5.5, and I've tried multiple CAC-required sites on both Chrome and Safari without success.
Please advise when able.
02-05-2013 02:31 PM
Thanks for using Centirfy.
Can you run the following command and provide me the session output--
* sctool -D
Also, send me a screen shot of the keychain.
Also, you should check the certificates on your smart to determine whether they are signed by a trusted certificate authority and ready to use. In most cases, you will need to determine the appropriate issuing authority, then import one or more intermediate certificates manually to make the existing certificates trusted.
To check the issuing authority and whether a certificate is trusted:
1. Insert your card into the smart card reader.
2. From the Finder, open Applications, then open the Utilities folder and double-click Keychain Access.
3. In the list of Keychains on the left, select the keychain entry for the smart card.
The keychain entry is typically labeled as CAC or PIV with a unique number and is usually listed first. For example:
You should see one to four certificates listed, depending on the type of card. You can get more information about each certificate by clicking the triangle next to the certificate name.
The common certificate types are:
* PIV Authentication
* Digital Signature
* Key Management
* Email Signing
* Email Encryption
4. Select the first certificate, and check the Issued by information to verify the certificate has been issued by a legitimate Certificate Authority and check the Expires field to determine when the certificate on the card expires.
The top right panel indicates whether the certificate is valid. For example:
* This certificate is valid
If the certificate is valid, no further action is necessary and you can check additional certificates stored in the keychain. For example:
* This certificate was signed by an untrusted issuer.
02-06-2013 09:54 AM
1. I've confirmed that all my certificates are valid and are good until 2015.
2. Where should I send the screenshot of my CAC Keychain and sctool dump? I don't really want to post them here in my response.
02-06-2013 10:29 AM
Thanks for your quick response. You can send that to my email address at firstname.lastname@example.org.
02-06-2013 10:38 AM
I'll await response via email and when we can get this resolved, we can come back and update the thread with the steps taken to fix the issue... I guarantee that I'm not the first / only person to have these problems.
02-07-2013 05:51 PM
Regarding the Oberthur ID One 128 v5.5- we have tested this card internally with both Chrome and Safari to access diff DOD sites and was successfull to login in.
If possible can you try it on a Windows environment using IE. You can type the website on IE and see whether you can access that site using the card.
In order to check with Windows, I think you need the ActivIdentity Drivers for your reader.
Thanks for confirming that you have the up to date firmware for the reader (SCM SCR 3310) driver that you are
06-15-2013 01:08 PM
I'm new to this forum but I found this thread while researching a solution to the almost exact same problem. Has this ever been resolved for you? I see that at one point it looks like the remainder of this issue was discussed via private email.
My version of this problem is as follows:
On systems with Win7 and Win8 installed:
When I use Chrome to access CAC enabled websites, I get the error:
Error 141 (net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED): Unknown error.
When I use IE to access *most* CAC enabled websites, I get different errors depending on the website:
The page cannot be displayed (500 internal server error)
I also get a System Event Log, Event ID 36888 entry that states:
"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 80. The Windows SChannel error state is 301."
When I try to sign an email, Outlook on Win8 gives me the error:
"An error occured in the underlying security system. An unexpected card error has occured."
Outllok on Win7 gives a different error, something about there not being enough storage space on the token for additional containers.
On a WinXP system, I get no errors at all.
Another gentleman where I work has the exact same issue. The olnly thing that is common between the two of us is that we were both issued CAC cards and have subsequently had the email address on our CAC changed to reflect our company's changing name.
06-17-2013 10:09 AM
Thanks for using Centirfy.
Based on your post I can see you are trying to use Chrome on Windows environments (Win7, Win8 & Win XP).
Currently Centrify Express for Smart Card is only supported on MAC OS platforms. For more details you can visit the following link for more details-
Please confirm, if you are having problem with the MAC OS as well and we can troubleshoot and will try to resolve the issue.
02-26-2014 11:32 AM
I am having the same issue as the last user in this post. I have been trying to access the US DoD Webmail using my CAC card and was previously able to logon using different CAC enabler software. When I attempted to logon this week, I noticed that the site began to incorporate new logon features that I had not seen before and I was no longer able to logon. I uninstalled my old CAC software and installed Centrify Express for Smart Card. When I log on now, I am prompted to enter my CAC PIN and it accepts it and begins to load the Outlook Web App but then redirects me to a new DoD Warning Banner and Consent page. I agree to the terms and it prompts me once again for my CAC PIN and I then receive the error "Error code: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED". Please advise.