Introduction
From version 6.0 it is possible to perform self-service operations from macOS platforms using vSEC:CMS User Self-Service (USS).
The self-service operations that can be performed and the limitations are listed below:
- Currently, PIV-only tokens and Thales eTokens 5100 and 5110 are supported
- Change PIN
- Offline PIN unblock using challenge/response
- Online PIN unblock
- View installed certificates on token
- Reissue certificates on the token
- Only English language supported
- No PIN policy details are displayed when performing PIN operations.
Important: Only gRPC communication is possible when connecting to the server side of vSEC:CMS. See here for details on how gRPC can be configured.
Important: macOS Sonoma 14.4.14, Big Sur 11 and Catalina 10.15 have been validated, on both M-series and Intel-based chips.
Configuration
The only configuration required is to connect the USS to the server-side component when performing operations with managed credentials. The connection is configured in a configuration file, which on macOS is a .plist file. This file needs to be located at ~/Library/Preferences/com.versasec.config.plist.
You can set the server URL in this file using the following command:
defaults write ~/Library/Preferences/com.versasec.config "gRPCServerUrl" 'http://gRPCUrl:Port'
Where gRPCUrl is the hostname of the server where vSEC:CMS is installed and Port is the port number that the gRPC service is listening on.
If you set the URL scheme to HTTPS, then you need to set a second value:
defaults write ~/Library/Preferences/com.versasec.config "Certificate" 'your_root_certificate_label_name'
Where your_root_certificate_label_name is the name of the issuer certificate of the server certificate which is selected in vSEC:CMS. This certificate has to be installed in the keychain of your system and must be trusted.
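A check to run after writing the two values above, as an added example that is not part of the Versasec documentation or product: it reads the settings back, flags a plaintext http:// URL, a placeholder left in the URL, or an HTTPS URL without a Certificate value, and looks the issuer certificate up in the keychain. The function names and verdict strings are hypothetical, and it assumes the configured label matches the certificate's common name; it does not evaluate the certificate's trust setting.

```shell
#!/bin/sh
# Added example (not Versasec code): audit the USS settings written with `defaults`.
PLIST_DOMAIN="$HOME/Library/Preferences/com.versasec.config"

# Classify a gRPCServerUrl / Certificate pair. Prints one verdict:
#   ok-https | http-plaintext | missing-cert | bad-url
classify_uss_config() {
    url=$1
    cert=$2
    case $url in
        https://*) scheme=https; rest=${url#https://} ;;
        http://*)  scheme=http;  rest=${url#http://} ;;
        *) echo bad-url; return 0 ;;
    esac
    hostport=${rest%%/*}          # drop any trailing path
    host=${hostport%:*}
    port=${hostport##*:}
    # The page's format is host:port, so require both, with a numeric port.
    case $hostport in *:*) ;; *) echo bad-url; return 0 ;; esac
    case $port in ''|*[!0-9]*) echo bad-url; return 0 ;; esac
    if [ -z "$host" ]; then echo bad-url; return 0; fi
    if [ "$scheme" = http ]; then
        echo http-plaintext       # traffic to the server is not encrypted
    elif [ -z "$cert" ]; then
        echo missing-cert         # HTTPS needs the "Certificate" value too
    else
        echo ok-https
    fi
}

# Read one key from the plist; empty output if the key or file is absent.
read_pref() { defaults read "$PLIST_DOMAIN" "$1" 2>/dev/null || true; }

# Returns 0 only for HTTPS with an issuer certificate present in a keychain.
audit_uss_config() {
    cert=$(read_pref Certificate)
    verdict=$(classify_uss_config "$(read_pref gRPCServerUrl)" "$cert")
    echo "USS config: $verdict"
    [ "$verdict" = ok-https ] || return 1
    # Assumption: the configured label matches the certificate's common name.
    security find-certificate -c "$cert" >/dev/null 2>&1 || {
        echo "issuer certificate '$cert' not found in keychain"; return 1; }
}

# Only meaningful on macOS, where `defaults` and `security` exist.
if command -v defaults >/dev/null 2>&1; then audit_uss_config; fi
```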
Important: Logs are enabled by default and can be found in this folder: Users\"username"\versasec\DotNetWrapper