PIV certificates and Big Sur

I have googled many times and read posts similar to this question, but I haven't found the solution or perhaps a reason why PIV certificates work the way they do. My PIV cert is a military CAC and I have done all the steps at militarycac.com.

My scenario after doing the many things I found to try to get PIV certs working is that they work for most things but not for 3rd-party apps that pop up a window to choose a cert. I have paired my CAC with my Mac's user account. It works to unlock the screen, for sudo in Terminal, and I can get to all needed websites in both Safari and Chrome. From this perspective it seems the CAC is working just fine.

But... when I use either Pulse Secure or MS Teams and I get to the point where the window pops up and asks the user to select the cert, it is blank. According to Pulse Secure's website it should work with Big Sur. I have no other apps that use certificates, so I assume that it is not working for all apps that request the user to select an app. I also assume that the window is populated from Keychain Access.

CAC does not show in Keychain Access and I guess PIV certs don't (maybe that should be fixed). CAC info does show in command line tools such as scauth, etc.

I do not have any CAC enablers installed, but did prior to Big Sur. I have gone through the remove steps several times.

I have not reloaded the laptop from scratch and will eventually but have to move a lot of files off first.

Does this behavior have anything to do with not having a T2 security chip?

I am hoping someone knows of a plist file or command I can run that will make my certs show in the select certificate window for 3rd party apps :)



Posted on Aug 11, 2021 9:41 AM


6 replies

Aug 11, 2021 11:15 AM in response to Randy Arrasmith

Apps may or may not implement authentication with PIV/CAC.

Teams doesn't ask for the CAC certificate. The authentication request is run through a Microsoft server which asks for the certificate. The CHES Teams desktop app doesn't allow access from outside a .mil/.gov network. You can only access Teams via a browser when not on VPN to a government network.

Aug 11, 2021 11:26 AM in response to Barney-15E

Thank you for the reply. We may be using different Teams. I am using "Flankspeed" Teams and it does allow access from outside .mil. Most of us are teleworking these days and Teams is a big part of that. I am the only Mac user of my group, though, but no one has to VPN or is otherwise using an MS server.

And this did work before my update to Big Sur a month or so ago.

Aug 11, 2021 9:04 PM in response to Barney-15E

I think you missed the question in my post. I said I can already use the browsers for things. My question is: why are the apps now showing the certificates? Teams is just one example. Pulse Secure is the other. The fact that the browser and the OS for logging in and terminal prove the CAC, installed root certs, card reader are all good. But it seems some setting somewhere from when old CAC enablers were installed may be confusing the apps. Or it could be the absence of a T2 chip. Or something else. I am hoping someone has an insight into this :)
