How to Get Cac Card Reader to Work

Individuals who have a valid authorized need to admission DoD Public Key Infrastructure (PKI)- protected information but practice not take access to a regime site or government-furnished equipment will need to configure their systems to access PKI-protected content.

Accessing DoD PKI-protected information is virtually commonly achieved using the PKI certificates stored on your Mutual Access Card (CAC). The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information online. For more data most your CAC and the data stored on information technology, visit http://www.cac.mil.

Earlier you begin, make sure you know your system's policies regarding remote use.

Windows

To get started you volition need:

CAC
Carte du jour reader
Middleware (if necessary, depending on your operating system version)

Y'all tin get started using your CAC by following these basic steps:

Get a card reader.
At this time, the best communication for obtaining a card reader is to work with your home component to get one. In improver, please review the DoD CAC Reader Specifications for more than data regarding the requirements for a card reader.
Install middleware, if necessary.
You may need boosted middleware, depending on the operating organisation you use. Please contact your CC/S/A for more information on the middleware requirements for your organization. You lot can find their contact information on our Contact Us tab.
Install DoD root certificates with InstallRoot (32-scrap, 64-flake or Non Administrator).
In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-scrap or Non Ambassador) to install the DoD CA certificates on Microsoft operating systems. If you're running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 packet. The InstallRoot User Guide is available here.
Make certificates available to your operating organisation and/or browser, if necessary.
Pick your browser for specific instructions.

Mac

To get started you volition demand:

CAC (see annotation below)
Card reader

You lot can get started using your CAC on your Mac OS Ten system by post-obit these basic steps:

Get a card reader
Typically Macs practice not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your domicile component. In addition, please review the DoD CAC Reader Specifications for more information regarding carte du jour reader requirements.
Download and install the Bone 10 Smartcard Services package
The Os 10 Smartcard Services Package allows a Mac to read and communicate with a smart card. In social club for your automobile to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on Bone 10. Please refer to this folio for specific installation instructions.
Address the cantankerous-certificate chaining Issue
These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. This can brand it appear that your certificates are issued by roots other than the DoD Root CA two and tin prevent access to DoD websites.
Configure Chrome and Safari, if necessary
Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.
1. In Finder, navigate to Go > Utilities and launch KeychainAccess.app
2. Verify that your CAC certificates are recognized and displayed in Keychain Access

Keychain Access

Annotation: CACs are currently made of different kinds of carte stock. To determine what card stock you take, look at the back of your CAC above the magnetic strip. Almost CACs are supported by the Smartcard Services parcel, however Oberthur ID One 128 v5.five CACs are non. Tertiary party middleware is available that will back up these CACS; two such options are Thursby Software'southward PKard and Centrify's Express for Smart Card.

Linux

To go started you volition need:

CAC
Card reader
Middleware

Yous tin get started using your CAC with Firefox on Linux machines past following these basic steps:

Become a carte du jour reader.
At this fourth dimension, the best communication for obtaining a card reader is to work with your domicile component to become one. In addition, delight review the DoD CAC Reader Specifications for more data regarding the requirements for a card reader.
Obtain middleware.
You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can exist installed using Linux bundle direction commands.
- For Debian-based distributions, employ the control apt-get install coolkey
- For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.vii and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.
If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.
Configure Firefox to trust the DoD PKI and employ the CAC.
To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.

Next Steps

Your cyberspace browser is at present configured to access DoD websites using the certificates on your CAC. At present that your machine is properly configured, delight login and visit our End Users page for more information on using the PKI certificates on your CAC.