Installation Instructions on a MAC Installation Instructions on a MAC The for Mac is currently available as a public beta. This beta version allows for renewal and for an agent to recover a forgotten password.
The sign up page for the public beta is The system requirements for the public beta are as follows:. An Intel based Mac with OS X 10.4.11 Tiger or higher. An SCM SCR 3310 connected to an available USB port. All available updates installed Due to limitations of OS X Tiger and Leopard on PowerPC based machines, the SentriLock Card Utility /SentriCard® Utility for Mac is only supported on Intel based computers. If you are unsure if your Mac is Intel or PowerPC based, please click Due to a bug in the Apple Java implementation, if the SentriCard® Reader is connected to one USB port and then moved to another, the computer must be restarted. This will occur even if the SentriCard® Reader is moved back to the original USB port it was connected to.
Unfortunately, this issue cannot be fixed by SentriLock and only by Apple. Use these steps to download and install the SentriLock Card Utility/SentriCard® Utility onto a MAC: 1. Mk_meet_28_november. Use your web browser to access.
Type in your name and email address. Click the Sign Up Button.
You will receive an email with a link to download the MAC version of the SentriLock Card Utility /SentriCard® Utility. Click the downloadable link in the email you receive. After the download is complete, right click or press Command + click on the download, and you will be given the option to click on Show in Finder. Click Show in Finder. The Finder menu will appear; showing the SentriLock Card Utility /SentriCard® Utility in the list of downloads. Drag the SentriLock Card Utility /SentriCard® Utility download to your desktop.
An icon should appear on your desktop for the SentriLock Card Utility /SentriCard® Utility. Plug the SentriCard® SentriCard® Reader into a USB port on your MAC computer. Double click the SentriLock Card Utility /SentriCard® Utility desktop icon. The SentriLock Card Utility /SentriCard® Utility icon should appear in the Doc. The Server Status screen will open. Insert your SentriCard® into the SentriCard® Reader.
Note: Make sure the gold chip on your SentriCard® is facing up and going in to the reader. A Login screen will appear and fill in your SentriLock ID automatically. Enter your password into the Password field. Press the Click to Login button. Select which User Permission you would like to use.
Note: If you are just renewing your SentriCard®, it does not matter which permission you choose. After logging in, you will see a button you can click to Renew Card. You can click this button to renew your SentriCard®.
Note: This button is located in the top, left-hand corner of the Main Menu. After clicking the Renew Card button, a renewal status bar will appear across the top of the web site. Wait for the renewal to finish before pulling your SentriCard® out of the SentriCard® Reader. When your SentriCard® is finished renewing, you will get a message notifying you of a successful renewal as well as the date of when your SentriCard® will expire. When you are done renewing your SentriCard®, click the Logout option in the top, right-hand corner of the Main Menu. Once logged out, you can remove your SentriCard® from the SentriCard® Reader and begin using it to access lockboxes. If you need further assistance, see.
Last update to this topic: August 10, 2012.
1 PDF Signer User Manual Introduction The main function of PDF Signer is to sign PDF documents using X.509 digital certificates. Using this product you can quickly sign multiple PDF files (bulk sign) by selecting input and output directory. This is ideal for bulk signing of a large number of corporate documents rather than signing each one individually. The positioning of the signature appearance is configurable, plus on which pages of the document it should appear (first page, last page or all pages). Links PDF Signer main page: Download PDF Signer (Free 30-Day Trial): Warning and Disclaimer Every effort has been made to make this manual as complete and accurate as possible, but no warranty or fitness is implied.
The information provided is on an as is basis. The author shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this manual. Trademarks.NET, Visual Studio.NET are trademarks of Microsoft Inc. Adobe, Adobe Reader are trademarks of Adobe Systems Inc. All other trademarks are the property of their respective owners.
Page 1 - PDFSigner User Manual (version 8.5) - 2 Product Installation.3 Digital Certificates.4 Digital Certificate Location. 4 Certificates Stored on Smart Cards or USB Tokens. 5 Select the Digital Certificate for Creating PDF Signatures.6 Create a Digital Certificate. 7 Validating Digital Signatures in Adobe.
8 Digital Signature Options.9 Digital Signature Rectangle. 3 Product Installation We recommend to install the product using an Administrator account.
Oct 29, 2018 - If you want to play, read, or write Blu-ray discs with your Mac, you're going to need to start off with an excellent Blu-ray drive. Here are our. Jul 2, 2013 - Apple has a USB SuperDrive available separately which can connect to the Mac to play DVDs. But you can also play Blu-ray right there on your Mac if you want to. The first thing you'll need is an external Blu-ray drive. There are several available including models from Buffalo, Samsung, LG, ASUS and Sony.
Jan 10, 2014 - Out of the box, your Mac can do almost anything, but playing Blu-ray movies isn't one of them. Not only do Macs not ship with Blu-ray playback software built in, but Apple still doesn't make a drive capable of reading Blu-ray discs. 6 days ago - Steps to Play Any Blu-ray Disc on Mac with VideoSolo Blu-ray Player. Download and install VideoSolo Blu-ray Player for Mac. Connect an external Blu-ray drive to your Mac and insert a Blu-ray disc to it. Launch the Blu-ray player and choose 'Open Disc' button to load your Blu-ray movie.
After the setup file is verified, the operating system might request your permission to install this program. Click More info and next click Run anyway. Read the Eula and if you want to continue, select I Agree and click Next button until the setup is finished. Page 3 - PDFSigner User Manual (version 8.5) - 4 Digital Certificates Digital Certificate Location To digitally sign a PDF file a digital certificate is needed.
The digital certificates are stored in two places: in Microsoft Store in PFX on P12 files The certificates stored on Microsoft Store are available by opening Internet Explorer Tools menu Internet Options Content tab Certificates button (see below). For PDF digital signatures, the certificates stored on Personal tab are used. These certificates have a public and a private key. The digital signature is created by using the private key of the certificate. The private key can be stored on the file system (imported PFX files), on an cryptographic smart card (like Aladdin etoken or SafeNet ikey) or on a HSM (Hardware Security Module). Signing certificates available on Microsoft Store Another way to store a digital certificate is a PFX (or P12) file. This file contain the public and the private key of the certificate.
This file is protected by a password in order to keep safe the key pair. Note that a PFX file can be imported on Microsoft Store (just open the PFX file and follow the wizard).
Post Suisseid With Usb Reader: Installation Instructions For Mac Download
To obtain a digital certificate (in PFX format) follow this link: Page 4 - PDFSigner User Manual (version 8.5) - 5 Certificates Stored on Smart Cards or USB Tokens If your certificate is stored on a smart card or USB token (like Aladdin etoken), the certificate must appear on Microsoft Certifictae Store in order to be used by the library. If the certificate not appears on Microsoft Store, you must ask your vendor about how to import the certificate on the MS Store. Usulally, the smart card driver or the middleware atutomatically install the certificate on Microsoft Certificate Store. You should also look at the middleware options, like below: Adding the certificate on Microsoft Certificate Store Adding the certificate on Microsoft Certificate Store Page 5 - PDFSigner User Manual (version 8.5). 10 The default digital signature text contains information extracted from the signing certificate, signing date, signing reason and signing location but the digital signature text can be easily customized. Signature text Set the Digital Signature Graphic The digital signature rectangle can contains text, graphic or text with graphic.
To add an image on the digital signature rectangle, you can do that from Place an image on the signature box section. Page 10 - PDFSigner User Manual (version 8.5) - 11 These types of signatures are shown below: 1. Image and text, 2. Image as background, 3. Image with no text Signing Reason and Location The signing reason and location attributes can be set from the main interface.
Signed by, Reason, Location and Date properties in Adobe Page 11 - PDFSigner User Manual (version 8.5). 13 Bypassing the Smart Card PIN In case the digital signature must be made without user intervention and the certificate is stored on a smart card or USB token, the PIN dialog might be automatically bypassed for some models.
PIN dialog can be bypassed In order to bypass the PIN dialog window, the Smart Card PIN checkbox must be checked and the right PIN to be entered.digitalcertificate.smartcardpin propery must be set. This option bypass the PIN dialog and the file is automatically signed without any user intervention.
Bypassing the Smart Card PIN Attention: This feature will NOT work for all available smart card/usb tokens because of the drivers or other security measures. Use this property carefully. Page 13 - PDFSigner User Manual (version 8.5). 14 Certify a PDF Digital Signature When you certify a PDF, you indicate that you approve of its contents. You also specify the types of changes that are permitted for the document to remain certified.
You can apply a certifying signature only if the PDF doesn t already contain any other signatures. Certifying signatures can be visible or invisible. A blue ribbon icon in the Signatures panel indicates a valid certifying signature. To certify a digital signature, select the certification type from the main interface. Certified signature Page 14 - PDFSigner User Manual (version 8.5). 15 Include the CRL Revocation Information on the PDF Signature If the revocation information will not be available online, the digital signature cannot be verified by the Adobe Reader engine so it is recommeded to include the CRL on the signature block. This setting is available on the Digital Certificates window.
Note that some revocation information files (CRL) are very large so resulting signed file will proportionally larger. PDF Signer will try to include CRL for every digital certificate from the chain. Page 15 - PDFSigner User Manual (version 8.5) - 16 A PDF digital signature without revocation information A PDF digital signature that embeds the revocation information Page 16 - PDFSigner User Manual (version 8.5) - 17 PDF/A Standard PDF/A is a file format for the long-term archiving of electronic documents. It is based on the PDF Reference Version 1.4 from Adobe Systems Inc. (implemented in Adobe Acrobat 5 and latest versions) and is defined by ISO:2005. PDF Signer can digitally sign PDF/A files. Observation: In order to save a PDF/A file, all fonts used on the PDF document must be embedded (including the font used on the digital signature rectangle).
The digital signature font can be set on the Signature Appearance section. PDF/A-1b document with digital signature Page 17 - PDFSigner User Manual (version 8.5) - 18 Time Stamping Time Stamp the PDF Digital Signature Timestamping is an important mechanism for the long-term preservation of digital signatures, time sealing of data objects to prove when they were received, protecting copyright and intellectual property and for the provision of notarization services. To add time stamping information to the PDF digital signature you will need access to a RFC 3161 time stamping server. A fully functional version of our TSA Authority is available for testing purposes at this link: (no credentials are needed).
The Time Stamping options can be configured on the Time Stamping section. Nonce and Policy The Nonce, if included, allows the client to verify the timeliness of the response when no local clock is available. The nonce is a large random number with a high probability that the client generates it only once (e.g., a 64 bit integer). Some TSA servers require to set a Time Stamp Server Policy on the Time Stamp Requests. By default, no Time Stamp Server Policy is included on the TSA request. Page 18 - PDFSigner User Manual (version 8.5) - 19 Validating the Time Stamp Response on Adobe As digital signatures certificates, the time stamping responses are signed by a certificate issued by a Certification Authority. If the time stamping certificate (or the Root CA that issued the time stamping certificate) is not included in Adobe Store, the time stamping response could not be verified when a user open a document with Adobe Reader (see example).
This behavior has nothing to do with the signing engine but with the Adobe certification validation procedure. To validate the signing certificate in Adobe use the methods described on this document: Not verified timestamp Trusted time stamping response Page 19 - PDFSigner User Manual (version 8.5). 20 Encryption If you want to protect the signed document by preventing actions like printing or content copying you must encrypt it.
The document can be encrypted using passwords from Encryption section. Encryption settings If the PDF document is signed and encrypted with an User Password, when the document is opened in PDF reader, the PDF document password must be entered.
Password is required to open the document Page 20 - PDFSigner User Manual (version 8.5) - 21 Owner Password is used to set the password that protects the PDF document for printing or content copying. When the signed and encrypted document is opened in a PDF reader, the security settings are shown like below.
Security settings for a digitally sign and encrypted document Page 21 - PDFSigner User Manual (version 8.5). 22 LTV Signatures (Long Term Validation) PAdES recognizes that digitally-signed documents may be used or archived for many years even many decades. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed a concept known as Long-Term Validation (LTV). In order to have a LTV signature, be sure that on the Digital Certificates settings, the checkbox Include certificate revocation information Long Term signature (LTV) is checked. Page 22 - PDFSigner User Manual (version 8.5) - 23 Product Registration To register the product you will need a serial number. It can be purchased online directly form the product mail page.
After you will obtain your serial number, open PDF Signer and click Register Now button. Enter the received serial on the Registration window, as below: Click Register button. Page 23 - PDFSigner User Manual (version 8.5).
. Using PIV smart cards for HHS VPN login with Mac OS X 10.10 Yosemite Note: This entire post is basically google search bait designed to (hopefully) allow others struggling with the same issues to save a bit of time. Hope it helps! October 30, 2014 Update There is an active Citrix support thread on the “no valid certificates found” issue. If this is bothering or interesting you, you may want to monitor this URL: / October 24, 2014 Update The bulk of this post concerns the $29 Pkard product from Thursby which is the first I found with explicit OS X 10.10 support. I just had a chance to test the new Yosemite 10.10 compatible free SmartCard utility from Centrfy mentioned here:.
Long story short: It works to get past the VPN gateway but throws the same “no valid certificates found” error when trying to login to the Windows desktop via a Citrix Receiver client. Still no idea why this is happening – on other versions of OS X my smart card credentials transparently passed onto the OS. Still – consider the Centrify software if you don’t want to spend $29. Short Summary I need to use a HHS PIV card to remotely access computer systems from a brand new Macbook air running OS X 10.10 Yosemite. As of the time I wrote this article, the state of freely available open source software for PIV smart card support on Yosemite is pretty lacking. This will change but if you are in a hurry (as I was) the best thing you can do in the short term is pay $29.95 for the Thursby PKard software from — it installed seamlessly and allowed me to login via VPN although for some reason my certificates were not passed on to the Windows remote desktop system, hopefully I don’t need the $179 “ADmitMac” product for that. I expect the state of open source smart card and tokend implementations to get better and more easily usable on Yosemite so I may only be using the Thursday product for a short time.
It did, however work fast and got me successfully logged onto the remote VPN server. Current status: Thursby PKard software works well on Yosemite for VPN access but the Windows desktop I get sent to via a Citrix client reports “no valid certificates” and I’m forced to use my standard user login name and password to complete the final authentication. This was not something I needed to do on OS X 10.7 or 10.7 with the open source smart card software stack. Background I do some subcontracting work for a few US Government agencies, one of which requires me to be able to connect remotely to US.GOV networks and infrastructure.
The way I connect is via a federal standard which is a very cool physical badge that doubles as a holder of biometric and personal crypto certificate information. When I’m trying to physically enter a building the PIV card is my secure photo ID badge (with backup biometrics and fingerprints stored o it) — when I try to enter a US Government network “virtually” the same PIV card doubles as VPN access device because it contains a personal set of crypto keys that uniquely identify me. Two-factor authentication is achieved by having to punch in a PIN code when my certs are presented to the remote system. It’s a very slick and interesting system. From what I can tell, PIV cards are very similar to the carried by military members that are often required for secure web browsing and access to military resources In fact, when searching the internet for PIV assistance you will find that some of the best help resources are coming from the military CAC-user community. A perfect example of this is and – the site that I turned to first when looking for OS X Yosemite PIV/smartcard status info. My Gear.
SCM SCR3500 Smart Card Reader – Amazon Link:. Belkin flexible USB adapter – Amazon Link:. Macbook Air running OS X 10.10 Yosemite Getting the PIV card to work on 10.10 Yosemite Verify your reader works Attach your reader, use the OS X “About this Mac” - “System Report” function to verify that your computer and OS actually see and recognize a smart card device: Buy and install the PKard software Launch OS X Keychain Assistant What you want to see is the certificates and credentials that are stored on the smart card.
If your USB reader and the PKard software are working, Yosemite 10.10 can now “see” the crypto info stored on the PIV card Fix the Trust Chain (If your PIV certificate is not trusted) This may not be an issue for an upgraded system but on my brand new laptop my host OS was missing the intermediate certificate trust chain. Keychain Assistant helpfully throws up the red text saying: “ This certificate was signed by an unknown authority” OS X Yosemite does not “trust” the Certificate Authorities that signed my PIV card certificates. The solution is to go out and install the intermediate certificates necessary to build the full lenght trust chain. The source of trust chain certificates almost certainly depends on what agency you work for or are trying to access. In my case I needed the US GOV Health and Human Services (HHS) intermediate certificates and the best online resource I found for HHS certificates needed for PIV cards is actually over on a NIH hosted site: I downloaded and installed the “HHS Entrust FPKI Certificate Chain” from the above website: Installing the certificates results in a chain of trust that culminates with your personal PIV certificates being recognizes as trusted: Now Test At this point you have a recognized USB card reader, your personal PIV certificates are visible to Mac OS X and the trust chain is complete. This should be all you need to access or login to PIV-enabled websites.
I removed screenshots showing the portal site I was logging into out of paranoia so I can’t show examples of successful logins. I’ll just show this OS X window which is the system prompt you get when your certificate is being used and the host OS wants to verify your PIN code as part of the two-factor authentication process. If you see this, this is your PIN entry prompt and it means that stuff is generally working: Remember that this is where your PIN goes, ignore the system text about “keychain password” Minor Issue Using the steps outlined above I can successfully authenticate to the remote access environment I need to use on a daily basis.
However, on my older laptop my PIV card credentials were transparently passed onto the Windows OS as well and I was not prompted for a second login. That is not the case now. After getting past the VPN, the remote desktop session can’t see my PIV certificate and I have to fallback to using standard AD username and password. Not optimal but it works for my purposes. Longer term I want this issue to go away. I’m not sure if it’s a Citrix Receiver issue or perhaps this is a designed-in behavior of the Thursday software designed to upsell software that offers more functionality.
I was willing to pay $29.99 for the functionality I needed and the software and documentation is great but I’m not going to shell out $179 for SSO access to a Windows Desktop. I’m going to keep researching this and will keep an eye on the state of open source / free smart card services for Yosemite 10.10. Will update this post as needed. According to, Mac and mobile Citrix Receivers currently DO NOT support smart card. It sounds like the Citrix Receiver doesn’t have the ability to use the smart card credentials that PKard for Mac has made available. This is something Citrix would need to resolve with their application on their end.
We do have customers that authenticate to web-based Citrix portals via PIV/CAC using Safari or Google Chrome. You may want to check with your network administrator to see if web access is available. — Jim Thomas Senior Support Specialist Thursby Software Systems, Inc. I have 10.10.3 Yosemite using SCR-3500 card reader and I tried CACKey, Centrify Express, etc THe need is to log into a VPN and then MS RDP to a windows client. The Windows client is requesting a PIV Card of which it does work if I use another Windows computer but dies NOT work with the Macbook Pro. I really need the Mac to work using CORD to MS RDP and then authenticate into the MS RDP client reading my card off the Macbook that has a SCR-3500 reader.
The first issue is in Keychain, I don’t even see any PIV above the login on the side menu. Thx so much F. Probably a bit late to reply, but yes – smartcard login on a Mac without AD integration is simpler than with AD. Unfortunately, without extra software it would not be possible, as Apple does not ship middleware necessary to interface between the smartcard and the OS and applications such as Keychain Access.
Note that we are talking Mac OS X 10.9.x – 10.11.x. Starting with 10.12 the situation is likely to be completely different, and you indeed might not need any extra software.
This assumes you have a working smartcard reader, such as SCM 3110, or Gemalto Dual Prox. More readers nowadays are likelier to work, rather than not. The software you need includes: – tokend, available from Open Source (I recommend ) or commercial vendors (Thursby PKard has very good reputation among the users); – lower-level PKCS#11 components (may not be necessary) – I recommend.
Post Suisseid With Usb Reader: Installation Instructions For Mac Pro
Once these packages are installed, you need to configure the system: 1. Using CLI, add root CA (and it appears that Intermediate CAs too if they are involved) to System.keychain, like “sudo security add-trusted-cert -d -k ‘/System/Keychains/System.keychain’ pathtoyourCAcert” 2.
Insert your smartcard, and open Keychain Access. You should see your smartcard as another keychain. If not – troubleshoot until you do. “scauth hash” – locate and copy “PIV Auth” certificate hash 4. “sudo scauth accept -u yourusername -h hashfromabove” 5. “scauth list -u yourusername” should show that same hash.
“sudo security authorizationdb smartcard enable” 7. “sudo security authorizationdb smartcard status” should show that smartcard is enabled for authentication. You’re done – now you can login with your CAC/PIV card in addition to name/password. You may be able to configure the machine to enable.only. smartcard login, but I don’t know how (or if it is indeed possible). Much easier solution!!
I have El Capitan 10.11.6 and login without problems with my PIV. Here is what you do: 1. Go to: and login 2. On the left side menu go to Citrix(CAG) and select ‘Media’. Scroll down to the ‘Citrix Software’ and download the Mac OS X 10.11 – CAG OE Remote Bundle Package. Also download the Citrix Documentation CAG OE Macintosh’s User Guide Follow the instructions and enjoy. You do have to set up your security certificates but the documentation walks you through each step.
It took 10 minutes to setup and has been working well for me. I am using the standard PIV card reader from the VA, nothing fancy. And the bundle has all the middleware you need.