This article details how to resolve issues experienced by using the DigiCert PKI Client to access the PKI Platform 8 administration portal called PKI Manager, using macOS Monterey machines running on either M1 or Intel-based chips.
The following 3 issues have been observed, for which we detail their corresponding solutions:
For PKI Platform 8 administrators using a macOS Monterey machine, the PKI Client UI does not show up, and as such, Users are not able to view the certificate details stored on the PKI Client vToken.
The PKI Client UI issue for Monterey will not be fixed. In order to view certificate details stored on the PKI Client vToken, launch the Keychain Access application on your Monterey machine. Click on the Symantec keychain located on the left vertical navigation bar. You will be prompted to enter your PKI Client PIN. Once the PIN is verified successfully, you can view all the certificates (and their details) stored on the PKI Client vToken
Owing to the issue that PKI Client’s UI is not showing up on Monterey, how do you go about enrolling for an Administrator certificate for the first time, after its expiration, or before expiring?
2.1 Enrolling and picking up the Administrator certificate for the first time
There is no issue regarding the enrolment and pick-up flow for Administrator certificates on Monterey, it is working as expected. Follow the below steps to download/install your Administrator certificate:
After receiving an email with details on how to pick up the Administrator certificate and visiting the pick-up URL, and successfully validating the Administrator details, you will land on the Install certificate page and will be requested to enter your PKI Client PIN for authentication:
Upon successful authentication, the enrolment and pick-up will be successful as shown below:
You can navigate to the “PKI Manager” administration portal on a new browser session (preferably after restarting your Mac machine) and the newly picked-up Administrator certificate would be available to strongly authenticate onto the PKI Manager portal. You can then select the certificate, authenticate with your PKI Client PIN, and log in to the PKI Manager portal successfully.
If your browser does not populate your Admin certificate for the Client Authentication operation on PKI Manager portal, you can add the CA chain manually to the Keychain Access application on your Mac machine, under “Login” keychain access.
If you do not have the Symantec Keychain on your Mac under “Custom Keychains” you will need to create one by doing the following steps:
You can now complete your enrollment for the PKI 8 Admin certificate.
2.2 Enrolling for a new Administrator certificate after its expiration
Check the Administrator certificate within your Keychain and ensure it is inside the renewal window - typically 30 days before expiration.
Reach out to your DigiCert representative (Client Manager or Support team) requesting the following:
Once these 2 steps are done, you would receive an email with the pick-up URL and you can follow the steps in Solution-2.1 above to install your certificate and access the PKI Manager portal without issues.
There are two possible ways PKI Client can come into existence on a Monterey machine:
For the installation of the PKI Client software, there are two options:
If you encounter any issues or have any questions please contact your DigiCert Support Team