1. Ensure your CAC reader works with Mac
2. Check to ensure your Mac accepts the reader
3. Check your Mac OS version
4. Check your CAC’s version
5. Update your DOD certificates
6. Guidance for Firefox Users
7. Look at graphs to see which CAC enabler to use

1. Download Dod Certificates For Cac Reader
2. Ako
3. Dod Certificates For Cac Reader
4. Cac Reader For A Mac

Step 1: Purchase a Mac Friendly CAC Reader

Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.

If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware, however, for the non-tech savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13 dollars.

1. May 04, 2014  Question: Q: CAC Card Reader Install For Army AKO How Do I Get My CAC Reader Installed On my Mac Book Air To Access AKO for the army. Everytime I try I get a message about AKO not accepting a certificate.
2. CAC for a Mac is the ability to use a Department of Defense (DoD) common access card (CAC) on Apple Macintosh computers to access Web sites that require DoD certificate authentication. It was written to allow Navy Marine Corps Intranet (NMCI) users to access their NMCI e-mail using the NMCI Microsoft Outlook Web Access (OWA) portal.

Best Mac Compatible CAC USB Readers

Best Mac Compatible CAC Desk Readers

MilitaryCAC's Mac OS X Installation Steps Page Air Force users with OS X Air Force webmail constantly getting the message The page cannot be displayed. Follow this guide to find out how to add https: After canceling, then choose your certificate, it will give cac a second home to enter your PIN.

Step 2: Plug in and Ensure It’s Accepted

Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.

If you are testing a different version, then verify that your Mac accepts your CAC reader by following these steps.

If for some reason your CAC reader isn’t working, then try the following steps.

Step 3: Update Your DOD Certificates

Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.

If you are using Chrome or Safari, then follow step 3a below. If you are using Firefox, you’ll need to do some extra steps:

1. Type ⇧⌘U (Shift + Command + U) to access your Utilities
2. Find and Double click “Keychain Access”
3. Select “Login” and “All Items”
4. Download the following four files and double click each once downloaded so as to install in your Keychain Access.
5. When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:

Additional Steps for Firefox

1. Download All Certs zip and double click to unzip all 39 files
2. While in Firefox, click “Firefox” on the top left, then “Preferences”
3. Then Click “Advanced” > “Certificates” > “View Certificates”
4. Then Click “Authorities” and then “Import”
5. Import each file individually from the “AllCerts” folder. When you do this, the below box will popup. Check all three boxes and click “OK”

Step 4: Download and install CAC Enabler

1. Download zip
2. Double click the .zip file
3. Because this is from an unidentified developer, you’ll need to hold down “Control” and click the program. Now select open and continue with install procedure.
4. After installing, restart your computer

CAC Access at Home Success

Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.

Common Reasons Why Your CAC Card Won’t Work On Your Mac

Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimal requirements. Currently, there are only four types of CAC cards that can be used. The ensure you have the right CAC card for online access, flip your CAC card to the back and if you have one of the below numbers written on the top left, then you are good to go:

• G&D FIPS 201 SCE 3.2
• Oberthur ID one 128 v5.5 Dual
• GEMALTO DLGX4-A 144
• GEMALTO TOP DL GX4 144

If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued.

InstallRoot installs the DoD Root certificates onto your Windows computer

If the website you are visiting is prompting you with the message the site is not trusted, you have received a new CAC, or your DoD website worked up until recently and doesn't now, you need to update your DoD certificates.

Apple computer users follow these instructions

DOD InstallRoot 3.16a was issued on 5 March 2013

Download InstallRoot 3.16a from MilitaryCAC or from

Download Dod Certificates For Cac Reader

Run the InstallRoot_v3.16A.exe file from inside the zip folder

InstallRoot Installation Instructions:

Select Run when prompted to Run or Save the file, you will see a black DOS window show on your screen, and have words scrolling in it. When it goes away, you have installed the DoD certificates on your computer.

NOTE: Windows 7, 8, 8.1, & Vista may see a message that the file might not have installed correctly. Select 'This program installed correctly.'

Download and run the Cross Cert Remover tool

You can install both the InstallRoot 3.16a and the Cross Cert Removal tool 1.10 in one single file which was created by NETCOM (Army Network Enterprise Technology COMmand)

This file is created for Home Users ONLY, you can download it from:

MilitaryCAC https://militarycac.com/files/HomeUserCertTool_V03.zip

or

AKO https://ako.us.army.mil/suite/doc/41544679

NEWS, the 3.16.1a file was leaving out an important needed certificate causing some DoD websites to not be trusted. So, I changed the link back to the 3.16a file. However, it is still not installing on all computers, so, follow instructions below.

If you see 'There is a problem with this website's security certificate' after installing the DoD InstallRoot file above or the Red Certificate error below, follow this guide

PROCEED TO STEP 4 - INSTALL ACTIVCLIENT

Alternate download links for the DoD certificates:

Army Knowledge Online (username / password)

3.16a https://ako.us.army.mil/suite/doc/39479923

3.16.1a https://ako.us.army.mil/suite/doc/42460657

Your Internet Explorer may prompt you with a banner stating it blocked this site from downloading files to your computer. Click the box for the option to Download File. Nothing will happen, go back and click the link above again. Now you'll see the option to Run, Save, or Cancel.

-or-

Washington Headquarters Services

Run the InstallRoot_v3.16A.exe file from inside the zip folder / file.

Select Run when prompted to Run or Save the file, you will see a black DOS window show on your screen, and have words scrolling in it. When it goes away, you have installed the DoD certificates on your computer.

NOTE: Windows 7, 8, 8.1, & Vista may see a message that the file might not have installed correctly. Select 'This program installed correctly.'

-or-

Defense Information Systems Agency (DISA) Information Assurance Support Environment (IASE) Public Key Enablement (PKE) - Public Key Infrastructure (PKI) site

Run the InstallRoot_v3.16A.exe file from inside the zip folder / file.

Select Run when prompted to Run or Save the file, you will see a black DOS window show on your screen, and have words scrolling in it. When it goes away, you have installed the DoD certificates on your computer.

NOTE: Windows 7, 8, 8.1, & Vista may see a message that the file might not have installed correctly. Select 'This program installed correctly.'

-or-

Navy Information Assurance website

Select Run when prompted to Run or Save the file, you will see a black DOS screen show on your screen, and have words scrolling in it. When it goes away, you have just installed the DoD certificates on your computer.

NOTE: Windows Vista & 7 may show a message that the file might not have installed correctly. Select 'This program installed correctly.'

Information:

A certificate is a digital document providing the identity of a Web site or individuals. DoD Web sites use a certificate to identify themselves to their users and to enable secure connections. If you are receiving a warning that a site is untrusted / insecure, you will need to install the 'DoD Certificates.' In order to access sites enabled with a DoD PKI certificate without being prompted to accept the DoD Certificate chain at each log on [like Firefox and Safari do], people using Internet Explorer and Chrome should install the certificates. These are separate from the personal certificates that are on your CAC, but they are related.

Root Certificates

How can you (or your web server) trust the identity of someone over the network? An infrastructure of trusted third parties has been put in place to distribute trust between end-users. This infrastructure verifies that we are who we say we are. If we trust the DoD PKI infrastructure, then the infrastructure can vouch for us to trust others that have certificates issued from the DoD PKI.

Ako

Click to see full size image

Dod Certificates For Cac Reader

.

The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities. If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates.

Cac Reader For A Mac

More information about this image can be found here: http://iase.disa.mil/pki-pke/interoperability/Pages/index.aspx