I've had no issues with my CAC reader/access until today. I am using a SCR3310 v2.0, Mac High Sierra 10.13.6 and Centrify smart card assistant 5.4.2. In keychain, I already deleted all websites with Identity Preference all all DOD certs. New DOD certs were installed via MilitaryCAC.com.
In Centrify, the card status never gets past "Authentification attempts remaining: 2."
Thank you for any help you can provide.
Below is the log file from Diagnositics (I've removed email addresses below):
Smart card: VERGA.JARED.MICHAEL.1249313420
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=VERGA.JARED.MICHAEL.1249313420
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Wed May 05 24 00:00:00 2017 UTC
Not valid after: Sat May 05 23 23:59:59 2020 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
Not valid before: Mon Nov 11 09 16:13:56 2015 UTC
Not valid after: Tue Nov 11 09 16:13:56 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
Not valid before: Tue Mar 03 20 18:46:41 2012 UTC
Not valid after: Sun Dec 12 30 18:46:41 2029 UTC
This certificate is valid
This certificate is trusted by the domain
** This certificate cannot be used for pkinit
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=VERGA.JARED.MICHAEL.1249313420
Email Address:
NT Principal Name: 1249313420@mil
Not valid before: Wed May 05 24 00:00:00 2017 UTC
Not valid after: Sat May 05 23 23:59:59 2020 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
Not valid before: Tue Mar 03 20 18:46:41 2012 UTC
Not valid after: Sun Dec 12 30 18:46:41 2029 UTC
This certificate is valid
This certificate is trusted by the domain
This certificate can be used for pkinit, testing:
** Data signing failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Signature verification failed: Unknown PKCS#1 padding type 0x45
Public key encryption succeeded
** Private key decryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Private key encryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Public key decryption failed: Unknown PKCS#1 padding type 0x1f
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USN/CN=VERGA.JARED.MICHAEL.1249313420
Email Address:
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Wed May 05 24 00:00:00 2017 UTC
Not valid after: Sat May 05 23 23:59:59 2020 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.39,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
Not valid before: Tue Mar 03 20 18:46:41 2012 UTC
Not valid after: Sun Dec 12 30 18:46:41 2029 UTC
This certificate is valid
This certificate is trusted by the domain
** This certificate cannot be used for pkinit