{"id":97,"date":"2009-09-04T17:50:54","date_gmt":"2009-09-05T00:50:54","guid":{"rendered":"http:\/\/www.analogrithems.com\/rant\/?p=97"},"modified":"2011-08-25T19:49:37","modified_gmt":"2011-08-26T02:49:37","slug":"cac-cards-and-mac-osx","status":"publish","type":"post","link":"https:\/\/www.analogrithems.com\/rant\/cac-cards-and-mac-osx\/","title":{"rendered":"CAC cards and Mac OSX"},"content":{"rendered":"<p>I love using Mac; as a so-called IT professional, it&#8217;s the most professional improvement to come to UNIX in over a decade. I especially like to use it for work. The problem is all of the systems they use at my company rely on CAC authentication. More specifically, it&#8217;s all been geared towards Windows &amp; CAC. Don&#8217;t get me wrong, Common Access Cards are a great way to handle security. They work off of industry-standard concepts like X.509 Certificates and Public Key Encryption. I don&#8217;t have a problem with that. It&#8217;s the horseshit support I find for documentation on how to use CAC with my Mac.<\/p>\n<p>This is a list of links and tips I discovered to make it easier to do. By default it shouldn&#8217;t be that hard in OS X 10.5.6 or higher to get your CAC to work. In fact, Apple already has support for CAC readers built into the OS. I have found, though, that oftentimes you need to flash your CAC reader with the most current firmware version to make it work right. The worst part about this is that you have to use a Windows XP computer to do this. I found the firmware for my CAC reader and the flash tool at this site: http:\/\/www.txsystems.com\/cac.html. Once I installed it on a Windows XP machine and flashed it to the most current version, I got my Mac to start seeing it.<\/p>\n<p>To test if your Mac can see your CAC reader, plug it into your computer and place your CAC in the reader. 
Then open Terminal and type &#8216;sudo pcsctool&#8217;. After you input your admin password it will tell you success or failure. This is the immediate indicator of whether or not your computer can use your CAC reader.<\/p>\n<p>Once you know your computer will see it you can start configuring certain programs to use it. So far I&#8217;ve gotten Safari and Firefox working with the CAC reader. The best instructions you can find for getting Safari to use your CAC are from http:\/\/militarycac.com\/apple.htm. I&#8217;ve included them here for archive purposes.<\/p>\n<p>Step 1: Update your system. (10.5.6 is the minimum required for Leopard, though 10.5.8 is currently available and recommended)<\/p>\n<p>Step 2: Plug in your CAC Reader to the USB Port<\/p>\n<p>Step 3: Click the Apple Icon in the upper left corner of your desktop and select &#8220;About This Mac&#8221;<\/p>\n<p>Step 4: Click the &#8220;More Info&#8221; Button within the window that pops up. (This opens System Profiler)<\/p>\n<p>Step 5: Within the &#8220;Hardware&#8221; Category select the &#8220;USB&#8221; Section. On the right hand side of the screen the window will display all hardware plugged into the USB ports on your Mac. Within this should be a Smart Card Reader. If the Smart Card reader is present here it is installed on your system, and no further hardware changes are required, i.e. 
additional drivers \/ Firmware upgrades. Unplug the CAC Reader from your system.<\/p>\n<p>Step 6: Open Keychain Access from the Utilities Folder within the Applications folder; Open the &#8220;Edit&#8221; Menu, and select &#8220;Keychain List&#8221;, click the &#8220;+&#8221; button in the lower left of the window opened, navigate to the location: System \/ Library \/ Keychains (Select the local hard drive i.e. &#8220;Macintosh HD&#8221; on the left, followed by the System folder, within that the Library folder, and within that the Keychains folder), and select X509Anchors. Check the Box to the left of the name under &#8220;Shared&#8221; as well as the System Box. Click &#8220;Ok&#8221;.<\/p>\n<p>Step 7: Plug in your CAC Reader and insert your CAC into the CAC Reader. In the upper left of the Keychain Access window, under &#8220;Keychains&#8221;, your CAC should show up (CAC XXXX-XXXX-XXXX-XXXX-XXXX); select it. In the right hand side you will see the certificates that are on your CAC. 
(If your CAC does not appear, remove it from the reader, unplug the CAC Reader, close and re-open keychains, plug in the Card Reader, and insert your CAC)<\/p>\n<p>Step 8: Click the &#8220;Padlock&#8221; icon in the upper left corner of the program window, which will prompt you for your CAC PIN. Enter your PIN to unlock your CAC.<\/p>\n<p>Step 9: Select the desired certificate, which will show DOD CA-XX or DOD EMAIL CA-XX in the upper window. Right Click (Control Click) and select &#8220;New Identity Preference&#8221;<\/p>\n<p>Step 10: Enter the URL for the appropriate website you wish to access, select the appropriate certificate and click &#8220;Add&#8221;.<\/p>\n<p>Step 11: Close Keychains, remove your CAC, and re-insert it. Open Safari and begin navigating to your CAC enabled site. (Air Force Users: remove your CAC card and re-insert it prior to opening Safari.)<\/p>\n<p>If you want to use your CAC with Firefox it&#8217;s a little more complicated. This is because the plugin that used to be hosted on the Mozilla addons page is no longer active. Now the project is hosted under the Department of Defense&#8217;s forge.mil site. This site requires a Department of Defense CAC to get in and download it. It also has great documentation on how to set up Firefox. It&#8217;s all focused on the DOD Certs though.<\/p>\n<p>If you are looking to get your Mac to play nicely in an AD environment then you should look at <a href=\"http:\/\/www.centrify.com\/blogs\/tomkemp\/integrating_common_access_cards_with_apple_macintosh.asp\" target=\"_blank\">Centrify<\/a>&#8217;s solution. I have to be honest, I haven&#8217;t tried it but I have read a lot about it and it appears to be the perfect way to authenticate to an Active Directory domain via CAC.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I love using Mac; as a so-called IT professional, 
it&#8217;s the most professional improvement to come to UNIX in over a decade. I especially like to use it for work. The problem is all of the systems they use at my company rely on CAC authentication. More specifically, it&#8217;s all been geared towards Windows &amp; CAC. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,1],"tags":[],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-featured","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/comments?post=97"}],"version-history":[{"count":2,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/97\/revisions"}],"predecessor-version":[{"id":478,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/posts\/97\/revisions\/478"}],"wp:attachment":[{"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/media?parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/categories?post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.analogrithems.com\/rant\/wp-json\/wp\/v2\/tags?post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}