Well, I would think I am doing the intermediate part because other DoD
sites that require my card to be inserted, and pin to be used, allow me on.
Is there a way that I can, from the website I need to login to, determine
what it is asking for that I am missing, or whatever?
I just get this, over and over and over:(
The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be
displayed.
Please try the following:
* Click the Refresh button, or try again later.
* Open the webmail.governmentsite.mil home page, and then
look for links to the information you want. * If you believe you
should be able to view this directory or page, please contact the Web
site administrator by using the e-mail address or phone number listed
on the webmail.governmentsite.mil home page.
401 Unauthorized - The server requires authorization to fulfill the request.
Access to the Web server is denied. Contact the server administrator. (12209)
Internet Security and Acceleration Server
On Fri, 15 Jul 2005 14:28:05 -0700, Bob Relyea wrote:
> John H. wrote:
>> It never works on this site, but are the certs what is wrong?
>> I mean, I am prompted for my card's pin, which I input, and then
>> get that error.
>>
> You're prompted for the pin so that we can read the certs of the card
> (not all cards present all the certs
> until the card itself is authenticated, so unless we know better, we
> assume that you will need to supply the
> pin to read the certs). You will get that same prompt if you try to
> bring up the cert viewer.
>> In IE on windows, it shows multiple certs that I can select, and
>> one or two of them I select will work.
>>
> The other issue is where the intermediate certs are. It's quite likely
> that you have the correct intermediate certs in your copy of IE (because
> of some past action in getting certificates, for example). Even if you
> didn't, it sounds like IE isn't correctly filtering the certs it
> presents. (it's only supposed to present a list of certs that match the
> CA list the server sends). The fact that they show some certs that won't
> work sort of indicates that.
>
> I'm pretty sure the CAC cards do not include the intermediates on the
> card (which is a difficiency). The only way to solve that is to load the
> appropriate intermediates into all your clients that you use. You can
> usually load the intermediates by going to the appropriate website for
> the CA (I'm not sure what that is in your infrastructure, however).
>
> Once you load the intermediates, is suspect things will start working.
> If you see the certs in the cert viewer, then you the drivers sound like
> the are installed correctly.
>
> bob
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
