11-15-2018 02:52 PM
Hi, I have a new cac and keep getting the ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED message when I attempt to sign in to My Navy Portal. I have all the certificates installed and trusted and have run a diagnostic on Centrify Smart Card Assistant, though I'm not sure how to read it. I am running MAC OS X Yosemite 10.10.2
11-19-2018 06:27 AM
Welcome to Centrify Community!
Could you try the following steps and see if it helps?
CAC and CACNG tokend must be removed.
The following steps needs to be done on the Centrified Mac as root or sudo:
1) #cd /System/Library/Security/tokend/
2) #sudo mkdir tmp
3) #sudo mv CAC* tmp/
4) The Smart card must be removed and re-inserted again.
5) Keychain Access must be opened. The card should appear as "PIV-*".
6) site.mail.xxx web site should be accessible now.
a) (If using Safari browser, the credential association must be removed for site.mail.xxx, so that the right certificate can be selected.)
Note: In case, if customer wants to revert back to CAC profile, they have to undo the changes to tokend as follows:
1) cd /System/Library/Security/tokend/
2) sudo mv tmp/CAC* .