Individuals who have a valid authorized demand to admission DoD Public Fundamental Infrastructure (PKI)- protected information but practice not have access to a authorities site or government-furnished equipment will need to configure their systems to access PKI-protected content.

Accessing DoD PKI-protected information is most commonly accomplished using the PKI certificates stored on your Common Access Menu (CAC). The certificates on your CAC tin allow y'all to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected data online. For more data about your CAC and the information stored on it, visit http://www.cac.mil.

Before you lot begin, brand sure you know your organization's policies regarding remote use.

Windows

To become started yous will need:

  • CAC
  • Carte du jour reader
  • Middleware (if necessary, depending on your operating system version)

Y'all can get started using your CAC by following these basic steps:

  1. Become a bill of fare reader.
    At this time, the all-time advice for obtaining a menu reader is to piece of work with your home component to get one. In improver, please review the DoD CAC Reader Specifications for more than information regarding the requirements for a card reader.
  2. Install middleware, if necessary.
    You may need boosted middleware, depending on the operating arrangement yous use. Please contact your CC/South/A for more than information on the middlew​are requirements for your organization. Yous can discover their contact information on our Contact U.s. tab.
  3. Install DoD root certificates with InstallRoot (32-scrap, 64-fleck or Non Administrator).
    In social club for your auto to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. If you're running an alternate operating system such as Mac Bone or Linux, you lot can import certificates from the PKCS 7 bundle. The InstallRoot User Guide is available here.
  4. Make certificates bachelor to your operating organization and/or browser, if necessary.
    Pick your browser for specific instructions.

Mac

To get started you volition demand:

  • CAC (run across note below)
  • Card reader

You tin get started using your CAC on your Mac OS Ten organisation by following these bones steps:

  1. Go a bill of fare reader
    Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the all-time advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements.
  2. Download and install the Os X Smartcard Services package
    The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In guild for your auto to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions.
  3. Accost the cross-document chaining Issue
    These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the U.s. DoD CCEB IRCA 1 > DoD Root CA 2 certificates to foreclose cross-certificate chaining issues. This can make it appear that your certificates are issued by roots other than the DoD Root CA ii and can prevent access to DoD websites.
  4. Configure Chrome and Safari, if necessary
    Safari and Google Chrome rely on Keychain Admission properly recognizing your CAC certificates.
    1. In Finder, navigate to Get > Utilities and launch KeychainAccess.app
    2. Verify that your CAC certificates are recognized and displayed in Keychain Access

Keychain Access

Annotation: CACs are currently made of dissimilar kinds of card stock. To determine what carte stock y'all take, look at the back of your CAC to a higher place the magnetic strip. Most CACs are supported by the Smartcard Services package, nevertheless Oberthur ID Ane 128 v5.5 CACs are not. 3rd party middleware is available that will support these CACS; two such options are Thursby Software's PKard and Centrify's Express for Smart Card.

Linux

To get started you will need:

  • CAC
  • Carte reader
  • Middleware

Y'all tin can get started using your CAC with Firefox on Linux machines by following these bones steps:

  1. Get a carte du jour reader.
    At this time, the best advice for obtaining a carte du jour reader is to work with your dwelling component to become i. In addition, please review the DoD CAC Reader Specifications for more data regarding the requirements for a carte du jour reader.
  2. Obtain middleware.
    You lot will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux bundle direction commands.
    • For Debian-based distributions, apply the command apt-get install coolkey
    • For Fedora-based distributions, utilize the command yum install coolkey. The CoolKey PKCS #11 module version ane.one.0 release xv ships with RHEL 5.seven and to a higher place and is located at /usr/lib/pkcs11/libcoolkeypk11.so.

    If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.

  3. Configure Firefox to trust the DoD PKI and use the CAC.
    To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.

Adjacent Steps

Your net browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, delight login and visit our End Users folio for more than information on using the PKI certificates on your CAC.