Just an update on this,
the new OS X update (10.5.4) seems to fix the issue. In order to
use a specific certificate to log in to a site that has optional X.509
authentication (like GGUS and, as far as I understand, GridKa) the user
has to:
1) update to version 10.5.4 of OS X
2) open the Keychain Access application
3) right-click on the certificate that he/she wants to use and select
"New Identity Preference..."
4) type the URL he/she wants to use the certificate for
With the above I was able to log in to GGUS using "https://gus.fzk.de"
as the URL in the 4th step, but I wasn't able to log in when I used
"https://gus.fzk.de/".
I hope that helps...
Regarding exporting of the keypair, Safari actually doesn't have any
keystore. The keys are stored in the Keychain Access application, which
Safari is able to use. Keychain Access supports export of certificates
or keys (even if the private key hasn't any certificate to pair).
Christos
On Jul 6, 2008, at 8:08 PM, Gordon, JC (John) wrote:
> Torsten, does Safari or something else on the Mac not allow you export
> your keypair? It is not only the GridKa CA which restricts you to the
> machine from which you requested your certificate to be signed. Your
> private key should not leave that machine UNLESS you export the
> keypair.
> I am afraid I don't have a Mac handy to check out Safari. The version
> on my iTouch doesn't seem to allow me to download my certificate at
> all :-(
>
> John
>
>> -----Original Message-----
>> From: LHC Computer Grid - Rollout
>> [mailto:[log in to unmask]] On Behalf Of Torsten Harenberg
>> Sent: 20 June 2008 19:12
>> To: [log in to unmask]
>> Subject: Re: [LCG-ROLLOUT] GGUS and Apple
>>
>> Hi Maarten,
>>
>> On 20.06.2008 at 15:51, <[log in to unmask]> <[log in to unmask]> wrote:
>>
>>> Hi Torsten,
>>>
>>>> I even don't have a "Reinitialize" in the "File" pull-down menu.
>>>> Are you also running OS X 10.5.3? My Safari version is 3.1.1. The
>>>> problem is here on three independent machines with two different
>>>> users.
>>>
>>> Did you read the reply by Christos Triantafyllidis?
>>> Only Safari users seem to have this problem
>>> --> probably a bug or misconfiguration of Safari, and not the fault
>>> of GGUS.
>>>
>>>
>>
>>
>> I didn't claim that this is GGUS' fault.
>>
>> And.. I read it (and btw: I posted all the information Christos
>> kindly gave into the GGUS ticket). However, only GGUS (and GridKa CA)
>> seems to be affected while GOC DB or any other site I know reading
>> the personal certificate works just fine. I tried to figure out if
>> the problem can be somehow identified.
>>
>> Although the problem/change might be on Apple's side, other sites
>> (like GOC DB) seem to get around it.
>>
>> My personal problem is that I cannot download grid certificates I
>> applied using Safari (when it was still working), as GridKa CA stores
>> the keys in the browser at the time you apply for the certificate. So
>> you have to use exactly the same browser on the same machine to get a
>> full certificate/key pair once it is issued. And now this web
>> application doesn't recognize me anymore.
>>
>> So my hope was that Louis found a way to re-configure Safari, but as
>> I said: I cannot follow his instructions.
>>
>> Louis: maybe you can describe a bit closer what you did to get it
>> working again. I would really appreciate it.
>>
>> Thanks a lot and have a nice weekend,
>>
>> Torsten
>>
>> --
>> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
>> <> <>
>> <> Dr. Torsten Harenberg [log in to unmask] <>
>> <> Bergische Universitaet <>
>> <> FB C - Physik Tel.: +49 (0)202 439-3521 <>
>> <> Gaussstr. 20 Fax : +49 (0)202 439-2811 <>
>> <> 42097 Wuppertal <>
>> <> <>
>> <><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>
>>
>