Here are the steps on how to install a CAC Reader for Mac:
How To Install Cac Reader On Chromebook
INSTALL 'Installroot 4' on your machine. To do this choose the 'Trust Store' tab instead of the 'Certificate Validation' tab on the Tools page of the DISA site. 'Installroot 4: NIPR Windows Installer' is the DoD PKI certificate installer that you then need to download and install. Following all of that, you should be up and running. How to install a CAC PIV smart card reader. The Dell Quick Resource Locator (QRL) provides immediate access to extensive system information, troubleshooting.
- Ensure your CAC reader works with Mac
- Check to ensure your Mac accepts the reader
- Check your Mac OS version
- Check your CAC’s version
- Update your DOD certificates
- Guidance for Firefox Users
- Look at graphs to see which CAC enabler to use
To install the driver for your CAC reader, open the CD and look for either the SCR3310 USB or the Dell Keyboard folder. If you are using the small external reader connected to your USB port, put the CD in your computer, then run the install program in the SCR3310 folder named SCR3310 USB driver install.exe.
Step 1: Purchase a Mac Friendly CAC Reader
Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.
If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware, however, for the non-tech savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13 dollars.
Best Mac Compatible CAC USB Readers
Best Mac Compatible CAC Desk Readers
Step 2: Plug in and Ensure It’s Accepted
Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.
If for some reason your CAC reader isn’t working, you may need to download the appropriate drivers for your CAC reader. You can find these drivers on the Reader’s Manufacturer Website.
Step 3: Update Your DOD Certificates
Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.
Procedure for Chrome and Safari
- Type ⇧⌘U (Shift + Command + U) to access your Utilities
- Find and Double click “Keychain Access”
- Select “Login” and “All Items”
- Download the following five files and double click each once downloaded so as to install in your Keychain Access.
- When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:
Additional Steps for Firefox
If you’re using Mozilla Firefox as your primary browser, you’re going to need to perform some additional steps. First, perform the same steps that you did for Chrome and Safari. Afterwards, follow these additional steps to get started.
- Download All Certs zip and double click to unzip all 39 files
- While in Firefox, click “Firefox” on the top left, then “Preferences”
- Then Click “Advanced” > “Certificates” > “View Certificates”
- Then Click “Authorities” and then “Import”
- Import each file individually from the “AllCerts” folder. When you do this, the below box will popup. Check all three boxes and click “OK”
Step 4: Download and install CAC Enabler
Choosing the right CAC enabler can be pretty tricky. It all depends on what OS you have installed, how you installed it, and even what kind of CAC Card you have!
In order to get the right enabler, be sure to visit our trusty guide to Mac CAC Enablers! It’ll walk you through exactly which enabler is right for you.
CAC Access at Home Success
How To Install Cac Reader Edge
Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.
How To Install Cac Reader On Windows 10
Common Reasons Why Your CAC Card Won’t Work On Your Mac
Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimal requirements. Currently, there are only four types of CAC cards that can be used. The ensure you have the right CAC card for online access, flip your CAC card to the back and if you have one of the below numbers written on the top left, then you are good to go:
- G&D FIPS 201 SCE 3.2
- Oberthur ID one 128 v5.5 Dual
- GEMALTO DLGX4-A 144
- GEMALTO TOP DL GX4 144
If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued.
Individuals who have a valid authorized need to access DoD Public Key Infrastructure (PKI)- protected information but do not have access to a government site or government-furnished equipment will need to configure their systems to access PKI-protected content.
Accessing DoD PKI-protected information is most commonly achieved using the PKI certificates stored on your Common Access Card (CAC). The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information online. For more information about your CAC and the information stored on it, visit http://www.cac.mil.
Before you begin, make sure you know your organization’s policies regarding remote use.
Windows
To get started you will need:
- CAC
- Card reader
- Middleware (if necessary, depending on your operating system version)
You can get started using your CAC by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader. - Install middleware, if necessary.
You may need additional middleware, depending on the operating system you use. Please contact your CC/S/A for more information on the middleware requirements for your organization. You can find their contact information on our Contact Us tab. - Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator).
In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. If you’re running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 bundle. The InstallRoot User Guide is available here. - Make certificates available to your operating system and/or browser, if necessary.
Pick your browser for specific instructions.
Mac
To get started you will need:
- CAC (see note below)
- Card reader
You can get started using your CAC on your Mac OS X system by following these basic steps:
- Get a card reader
Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements. - Download and install the OS X Smartcard Services package
The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions. - Address the cross-certificate chaining Issue
These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. This can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites. - Configure Chrome and Safari, if necessary
Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.- In Finder, navigate to Go > Utilities and launch KeychainAccess.app
- Verify that your CAC certificates are recognized and displayed in Keychain Access
Note: CACs are currently made of different kinds of card stock. To determine what card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card.
Linux
To get started you will need:
- CAC
- Card reader
- Middleware
You can get started using your CAC with Firefox on Linux machines by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader. - Obtain middleware.
You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux package management commands.- For Debian-based distributions, use the command apt-get install coolkey
- For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.7 and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.
If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.
- Configure Firefox to trust the DoD PKI and use the CAC.
To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.
Next Steps
Your internet browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, please login and visit our End Users page for more information on using the PKI certificates on your CAC.