John H. wrote:
You're prompted for the pin so that we can read the certs of the card (not all cards present all the certs until the card itself is authenticated, so unless we know better, we assume that you will need to supply the pin to read the certs). You will get that same prompt if you try to bring up the cert viewer.It never works on this site, but are the certs what is wrong?I mean, I am prompted for my card's pin, which I input, and then get that error.
In IE on windows, it shows multiple certs that I can select, and one or two of them I select will work.The other issue is where the intermediate certs are. It's quite likely that you have the correct intermediate certs in your copy of IE (because of some past action in getting certificates, for example). Even if you didn't, it sounds like IE isn't correctly filtering the certs it presents. (it's only supposed to present a list of certs that match the CA list the server sends). The fact that they show some certs that won't work sort of indicates that.
I'm pretty sure the CAC cards do not include the intermediates on the card (which is a difficiency). The only way to solve that is to load the appropriate intermediates into all your clients that you use. You can usually load the intermediates by going to the appropriate website for the CA (I'm not sure what that is in your infrastructure, however).
Once you load the intermediates, is suspect things will start working. If you see the certs in the cert viewer, then you the drivers sound like the are installed correctly.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
