Mark Shroyer <usenet-mail@markshroyer.com> wrote:
> On 2007-09-30, Per Rønne <per@RQNNE.invalid> wrote:
> > I am using a digital certificate to access government sites in
> > Denmark. The certificate is, however, only valid for two years so
> > then you will have to get a new certificate.
>
> Not to stray too far off topic, but are you talking about regular
> government services for ordinary citizens? That is to day, does
> Denmark issue its citizens X.509 certificates for secure
> authentication to government Web sites? Because that sounds really
> nifty if it is the case.
Well, each citizen can apply for a digital signature which gives secure
authentification to government web sites.
This means that you can complete your's income tax return. Look up
medical data on yourself. Register yourself to the employment service,
if you loose your job. And lots of other thing - all through the web and
using your digital signature.
> > Of course, this is what I have done. And I have placed the new
> > certificate in my keyring [through
> > /Applications/Utilities/Keychain Access].
> >
> > But Safari still uses the old certificate which is now obsolete.
> > It doesn't even help to delete it from the keyring; it is till
> > chosen by Safari. And though it shows two certificates [and marks
> > the first one as no more valid], it still uses it - and I see no
> > way to force it to use the new.
>
> Sorry, I'm a little unclear on what you mean there. Do you keep
> deleting your expired certificate from your login keychain, only to
> have it reappear later? Maybe it would help to clarify this if you
> could post a screenshot somewhere.
I cannot post a screenshot as I don't have access to binary groups.
Instead I have placed one on my homepage, at:
<
http://rqnne.dk/Certificate.png>
And no, once removed from the keychain, the certificate doesn't show up
in the keychain again. It just remains in Safari.
BTW, if you look at the picture, chosing the second of the certificates
should have succeeded - it doesn't.
> > I have successfully removed the obsolete certificate from FireFox
> > and it works as it should. But not so with Safari.
>
> This is just a wild guess, but were you given a new private key when
> you were issued the new certificate? If so, did you explicitly
> delete the obsolete private key from the keychain along with its
> expired certificate?
I deleted the certificate identifying me as myself.
And, btw, on my old G4/867 QuickSilver [now with a 1.6 GHz double
processor] I tried to do it in another way. First, I removed the old,
obsolete certificate from the keyring. Then I entered the site asking
for the certificate - and now it goes as it should.
But not on my MacBook. I can only see two differences: The former is a
PPC computer, the latter an Intel one. And on the former I began by
removing the certificate from the keyring, in the latter I went the
other way.
--
Per Erik Rønne
http://www.RQNNE.dk