Individuals who have a valid authorized need to access DoD Public Key Infrastructure (PKI)-protected information but do not have access to a government site or government-furnished equipment will need to configure their systems to access PKI-protected content.

Accessing DoD PKI-protected information is most commonly accomplished using the PKI certificates stored on your Common Access Card (CAC). The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information online. For more information about your CAC and the data stored on it, visit http://www.cac.mil.

Before you begin, make sure you know your organization's policies regarding remote use.

Windows

To get started you will need:

  • CAC
  • Card reader
  • Middleware (if necessary, depending on your operating system version)

You can get started using your CAC by following these basic steps:

  1. Get a card reader.
    At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader.
  2. Install middleware, if necessary.
    You may need additional middleware, depending on the operating system you use. Please contact your CC/S/A for more information on the middleware requirements for your system. You can find their contact information on our Contact Us tab.
  3. Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator).
    In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. If you're running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 package. The InstallRoot User Guide is available here.
  4. Make certificates available to your operating system and/or browser, if necessary.
    Pick your browser for specific instructions.

Mac

To get started you will need:

  • CAC (see note below)
  • Card reader

You can get started using your CAC on your Mac OS X system by following these basic steps:

  1. Get a card reader
    Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements.
  2. Download and install the OS X Smartcard Services package
    The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions.
  3. Address the cross-certificate chaining issue
    These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. Such chaining can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites.
  4. Configure Chrome and Safari, if necessary
    Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.
    1. In Finder, navigate to Go > Utilities and launch KeychainAccess.app
    2. Verify that your CAC certificates are recognized and displayed in Keychain Access

Note: CACs are currently made of different kinds of card stock. To determine what card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package; however, Oberthur ID One 128 v5.5 CACs are not. Third-party middleware is available that will support these CACs; two such options are Thursby Software's PKard and Centrify's Express for Smart Card.

Linux

To get started you will need:

  • CAC
  • Card reader
  • Middleware

You can get started using your CAC with Firefox on Linux machines by following these basic steps:

  1. Get a card reader.
    At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader.
  2. Obtain middleware.
    You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux package management commands.
    • For Debian-based distributions, use the command apt-get install coolkey
    • For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.7 and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.

    If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.

  3. Configure Firefox to trust the DoD PKI and use the CAC.
    To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.
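
The three actions in step 3, and the PKCS 7 import mentioned for Linux in the Windows section, can be scripted with the OpenSSL and NSS command-line tools. This is an added example, not taken from the DoD guide; it assumes a PEM-encoded PKCS 7 file, a Firefox profile directory passed as the second argument, Firefox closed while it runs, and hypothetical function names.

```shell
#!/bin/sh
# Added example. Paths, nicknames and function names are assumptions.

# Split concatenated PEM certificates on stdin into $1/cert-N.pem; print the count.
split_pem() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }'
}

# Self-issued certificates (subject == issuer) are roots and become trust
# anchors; intermediates get no trust bits and must chain to a root.
trust_flags() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash)
    iss=$(openssl x509 -in "$1" -noout -issuer_hash)
    if [ "$subj" = "$iss" ]; then echo "CT,C,C"; else echo ",,"; fi
}

# $1 = PEM-encoded PKCS 7 file, $2 = Firefox profile directory (Firefox closed)
import_bundle() {
    tmp=$(mktemp -d) || return 1
    count=$(openssl pkcs7 -in "$1" -print_certs | split_pem "$tmp") || return 1
    [ "$count" -gt 0 ] || return 1   # nothing parsed: wrong file or encoding
    i=1
    while [ "$i" -le "$count" ]; do
        f="$tmp/cert-$i.pem"
        nick=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 |
               sed 's/^subject= *//')
        certutil -A -d "sql:$2" -n "$nick" -t "$(trust_flags "$f")" -i "$f" || return 1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    # Register the CoolKey PKCS#11 module (library path from the RHEL note above).
    modutil -dbdir "sql:$2" -add "CoolKey" \
        -libfile /usr/lib/pkcs11/libcoolkeypk11.so -force || return 1
    # Enable OCSP revocation checking in the profile.
    echo 'user_pref("security.OCSP.enabled", 1);' >> "$2/user.js"
    # Review what was imported and which modules are loaded.
    certutil -L -d "sql:$2" && modutil -dbdir "sql:$2" -list
}

if [ "$#" -eq 2 ]; then import_bundle "$1" "$2"; fi
```

Obtain the PKCS 7 file from the official DoD PKI source and check the certutil -L listing afterwards: only the self-issued roots should carry trust flags.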

Next Steps

Your internet browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, please log in and visit our End Users page for more information on using the PKI certificates on your CAC.