Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mcaesar
Participant

macOS certificate login with smart card

In macOS 10.14 Mojave the certificates on smart cards are visible in the keychain and thereby available for certificate login in Endpoint Security VPN when choosing the certificate login option. 

In macOS 10.15 Catalina and macOS 11 Big Sur the certificates on smart cards are no longer visible in the keychain and as such not available for the VPN certificate login option anymore (Endpoint Security E84.30 macOS Client).

Endpoint Security VPN should rather use the CryptoTokenKit on macOS to read certificates from smart cards. Will this be fixed?

 

Bildschirmfoto 2021-01-08 um 13.33.57.png

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

I’m seeing a similar issue with non-SmartCard certificates.
I recommend a TAC case.

0 Kudos
AndreiR
Employee
Employee

Hi @mcaesar,

By default macOS 10.15 Cataline and 11 BigSur use CryptoKit framework for accessing smart cards. Currently VPN client does not support CryptoKit yet. It will be added soon.

In macOS 10.15 Catalina you may enable legacy framework TokenD. You should contact your smart card vendor and check with them if they support TokenD and how to enable it for their product.  

0 Kudos
Vadim0147
Explorer

Hi.
Could you tell when support for CryptoTokenKit will be added to VPN client?

0 Kudos
Vadim0147
Explorer

Hi

Could you inform us, when support for CryptoTokenKit will be added to VPN Client?

0 Kudos
ssehovic
Explorer

Hi @AndreiR ,

any news regarding CryptoKit framework? Is there a beta version that we could test and give a feedback?

We really need it for Big Sur so that we can ditch virtual Windows 10 inside Parallels 😉

Best regards,

S.

0 Kudos
mcaesar
Participant

Hi @AndreiR 

I have installed E84.70 macOS client, but I still cannot authenticate using a smart card. When will CryptoTokenKit be supported?

0 Kudos
mcaesar
Participant

In macOS 10.15 Catalina it is indeed possible to enable tokend as described in the SmartCardServices-legacy(7) manpage.

 

sudo defaults write /Library/Preferences/com.apple.security.smartcard Legacy -bool true

 

But I need a solution for macOS 11 Big Sur. What is the roadmap for "soon", may I ask when support for CryptoTokenKit will be added?

0 Kudos