PKI certificates on your Common Access Card (CAC) to log on to your computer, digitally sign. You may need the certificate to decrypt e-mail messages sent to you using your old certificate. Access the secure websites listed on the Certificate Usage Worksheet. Q1: Do i need some kind of adapter to put my nano sim card into the reader because sim card slot is bigger than nano? A: Yes, you need a adapter to help you put the nano sim card into the reader. Q2: Does this work with a MacBook? Sep 05, 2013 I still CAN log in to AKO, but only the 'DOD CA-#' certificate appears as an option. Which is great for AKO, but not for Enterprise. The 'DOD EMAIL CA-#' certificate does not appear. However, when I go into my keychain, all the certificates are. AKO, CAC READERS, PKI and the Mac Discussion in 'The Chow Hall' started by RDJ, Dec 24, 2012. Militarycac.com for the card reader stuff. Can't help on the rest. Dec 25, 2012 #3. I have downloaded all on my personal PC and can do every thing. Why do you need certificates without a CAC reader?
- Ensure your CAC reader works with Mac
- Check to ensure your Mac accepts the reader
- Check your Mac OS version
- Check your CAC’s version
- Update your DOD certificates
- Guidance for Firefox Users
- Look at graphs to see which CAC enabler to use
Step 1: Purchase a Mac Friendly CAC Reader
- The short version is that you're going to un-install a bunch of random certificates, install a bunch of dod certificates, install device drivers for your cac and then hope to god it works. If you have already done all of this, make sure you have no chrome or safari extensions running. Those will fuck it up.
- The Army does have a site that tells Windows users how to avoid the Certificate dialogs, and has a program PC users can download that will set up their PC to not suck so much when accessing AKO, but Mac users are completely ignored.
- Download the DoD Root CA 3 cert here: DoD Root CA 3. Click Allow to download configuration profile. Go to Settings General Profiles and Device Management and tap on DoD Root CA 3. Tap Install and enter your passcode if asked. Tap Install 2x to install certificate. Tap Done on top right.
Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.
Transferring Mac 10.7 Certificate Files. This article contains instructions for backing up SSL Certificates in Mac 10.7 to a.p12 file. It also contains instructions for importing.p12 and.pfx certificate files. For instructions about transferring Mac 10.9 certificate files, see Mac OS X Mavericks: SSL Certificate Export and Import.
If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware, however, for the non-tech savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13 dollars.
Best Mac Compatible CAC USB Readers
Best Mac Compatible CAC Desk Readers
Step 2: Plug in and Ensure It’s Accepted
Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.
If you are testing a different version, then verify that your Mac accepts your CAC reader by following these steps.
If for some reason your CAC reader isn’t working, then try the following steps.
Step 3: Update Your DOD Certificates
Microsoft Office For Mac Card
Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.
What Certificates Do I Need For Mac Card Reader Akon
If you are using Chrome or Safari, then follow step 3a below. If you are using Firefox, you’ll need to do some extra steps:
Get Ako Certificates
- Type ⇧⌘U (Shift + Command + U) to access your Utilities
- Find and Double click “Keychain Access”
- Select “Login” and “All Items”
- Download the following four files and double click each once downloaded so as to install in your Keychain Access.
- When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:
What Certificates Do I Need For Mac Card Reader Akoam
Additional Steps for Firefox
- Download All Certs zip and double click to unzip all 39 files
- While in Firefox, click “Firefox” on the top left, then “Preferences”
- Then Click “Advanced” > “Certificates” > “View Certificates”
- Then Click “Authorities” and then “Import”
- Import each file individually from the “AllCerts” folder. When you do this, the below box will popup. Check all three boxes and click “OK”
Step 4: Download and install CAC Enabler
- Download zip
- Double click the .zip file
- Because this is from an unidentified developer, you’ll need to hold down “Control” and click the program. Now select open and continue with install procedure.
- After installing, restart your computer
CAC Access at Home Success
Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.
Common Reasons Why Your CAC Card Won’t Work On Your Mac
Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimal requirements. Currently, there are only four types of CAC cards that can be used. The ensure you have the right CAC card for online access, flip your CAC card to the back and if you have one of the below numbers written on the top left, then you are good to go:
Download Dod Certificates
- G&D FIPS 201 SCE 3.2
- Oberthur ID one 128 v5.5 Dual
- GEMALTO DLGX4-A 144
- GEMALTO TOP DL GX4 144
What Certificates Do I Need For Mac Card Reader Ako Army
If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued. List reader for mac.
Individuals who have a valid authorized need to access DoD Public Key Infrastructure (PKI)- protected information but do not have access to a government site or government-furnished equipment will need to configure their systems to access PKI-protected content.
Accessing DoD PKI-protected information is most commonly achieved using the PKI certificates stored on your Common Access Card (CAC). The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information online. For more information about your CAC and the information stored on it, visit http://www.cac.mil.
Before you begin, make sure you know your organization’s policies regarding remote use.
Windows
To get started you will need:
- CAC
- Card reader
- Middleware (if necessary, depending on your operating system version)
You can get started using your CAC by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader. - Install middleware, if necessary.
You may need additional middleware, depending on the operating system you use. Please contact your CC/S/A for more information on the middleware requirements for your organization. You can find their contact information on our Contact Us tab. - Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator).
In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. If you’re running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 bundle. The InstallRoot User Guide is available here. - Make certificates available to your operating system and/or browser, if necessary.
Pick your browser for specific instructions.
Mac
To get started you will need:
- CAC (see note below)
- Card reader
You can get started using your CAC on your Mac OS X system by following these basic steps:
Download Ako Certificates Mac Version
- Get a card reader
Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements. - Download and install the OS X Smartcard Services package
The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions. - Address the cross-certificate chaining Issue
These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. This can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites. - Configure Chrome and Safari, if necessary
Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.- In Finder, navigate to Go > Utilities and launch KeychainAccess.app
- Verify that your CAC certificates are recognized and displayed in Keychain Access
Note: CACs are currently made of different kinds of card stock. To determine what card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card.
Army Ako Certificate
Linux
To get started you will need:
- CAC
- Card reader
- Middleware
You can get started using your CAC with Firefox on Linux machines by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader. - Obtain middleware.
You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux package management commands.- For Debian-based distributions, use the command apt-get install coolkey
- For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.7 and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.
If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.
- Configure Firefox to trust the DoD PKI and use the CAC.
To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.
Next Steps
Download Ako Certificates Mac Download
Your internet browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, please login and visit our End Users page for more information on using the PKI certificates on your CAC.