mcaesar
Participant

macOS certificate login with smart card

In macOS 10.14 Mojave the certificates on smart cards are visible in the keychain and thereby available for certificate login in Endpoint Security VPN when choosing the certificate login option. 

In macOS 10.15 Catalina and macOS 11 Big Sur the certificates on smart cards are no longer visible in the keychain and as such not available for the VPN certificate login option anymore (Endpoint Security E84.30 macOS Client).

Endpoint Security VPN should rather use the CryptoTokenKit on macOS to read certificates from smart cards. Will this be fixed?

 


0 Kudos
1 Solution

Accepted Solutions
ssehovic
Explorer

Hi @mcaesar,

you have to have SafeNet Authentication Client installed on your Mac. SAC reads the certificate from your smartcard. I can confirm that Check Point VPN 86.60 finally works.

Hope this information will help you.

S. 


0 Kudos
9 Replies
PhoneBoy
Admin

I’m seeing a similar issue with non-SmartCard certificates.
I recommend a TAC case.

0 Kudos
AndreiR
Employee

Hi @mcaesar,

By default, macOS 10.15 Catalina and 11 Big Sur use the CryptoKit framework for accessing smart cards. Currently the VPN client does not support CryptoKit yet. It will be added soon.

In macOS 10.15 Catalina you may enable the legacy framework TokenD. You should contact your smart card vendor and check with them if they support TokenD and how to enable it for their product.

0 Kudos
Vadim0147
Explorer

Hi.
Could you tell us when support for CryptoTokenKit will be added to the VPN client?

0 Kudos
Vadim0147
Explorer

Hi

Could you inform us when support for CryptoTokenKit will be added to the VPN client?

0 Kudos
ssehovic
Explorer

Hi @AndreiR ,

any news regarding the CryptoKit framework? Is there a beta version that we could test and give feedback on?

We really need it for Big Sur so that we can ditch virtual Windows 10 inside Parallels 😉

Best regards,

S.

0 Kudos
mcaesar
Participant

Hi @AndreiR 

I have installed E84.70 macOS client, but I still cannot authenticate using a smart card. When will CryptoTokenKit be supported?

0 Kudos
mcaesar
Participant

In macOS 10.15 Catalina it is indeed possible to enable tokend as described in the SmartCardServices-legacy(7) manpage.

sudo defaults write /Library/Preferences/com.apple.security.smartcard Legacy -bool true

But I need a solution for macOS 11 Big Sur. What is the roadmap for "soon", may I ask when support for CryptoTokenKit will be added?

0 Kudos
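
A read-only check that goes with the `Legacy` preference in the post above, as an added example that is not part of the original thread or of any vendor tooling. It reports whether the tokend switch is set and whether macOS lists a smart card token; the function names are hypothetical, and the token line format assumed for `security list-smartcards` is noted in the comments.

```shell
#!/bin/sh
# Added example: reports smart card state only, changes nothing on the system.
PREF=/Library/Preferences/com.apple.security.smartcard  # domain from the post

# Map the raw "Legacy" value to on/off. `defaults read` prints 1 for a
# boolean true; an unset key gives an error and empty output.
legacy_state() {
    case "$1" in
        1|true|TRUE|YES) echo on ;;
        *)               echo off ;;
    esac
}

# Count token lines on stdin. Assumption: `security list-smartcards` prints
# one "<token-id>:<serial>" line per token, e.g. com.apple.pivtoken:....
count_tokens() {
    grep -c -E '^[[:space:]]*[A-Za-z0-9._-]+:[^[:space:]]+' || true
}

# Combine both facts into the situations discussed in the thread.
# $1 = legacy on/off, $2 = number of tokens macOS lists
verdict() {
    if [ "$1" = on ]; then
        echo "legacy-enabled: tokend switch is set ($2 token(s) listed)"
    elif [ "$2" -gt 0 ]; then
        echo "ctk-only: $2 token(s) listed, tokend off; a client that needs tokend will not see them"
    else
        echo "no-token: no smart card token listed and tokend is off"
    fi
}

report() {
    raw=""
    out=""
    if command -v defaults >/dev/null 2>&1; then
        raw=$(defaults read "$PREF" Legacy 2>/dev/null) || raw=""
    fi
    if command -v security >/dev/null 2>&1; then
        out=$(security list-smartcards 2>/dev/null) || out=""
    fi
    verdict "$(legacy_state "$raw")" "$(printf '%s\n' "$out" | count_tokens)"
}

report
```
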
mcaesar
Participant

Hi @AndreiR 

Will smart card login with certificates be supported on macOS using CryptoTokenKit?

I just tried the latest version of the VPN client, E86.70, but I still cannot select the certificates from the smart card.

0 Kudos
