Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

10.5.6 and DoD CAC reader email access

Take the suggestion above and subscribe to the apple fedtalk list....there's some good FAQs and stuff in the archives for getting CACs to work...one thing is to make sure your reader is at the proper firmware version. If not, you have to flash it. I don't have the exact info in front of me now, but I know the reader firmware version is important.
 
CAC troubles

Guys,

First post as I just got my first Mac Last week. Overall I love it, but can not get it to work with any Navy CAC required sites. I am running OS 10.6.2 and have a SCR 331 CAC reader. I have followed all the instructions from this very informative website:

http://militarycac.com/apple.htm

but I still can not get it to work. The Card reader works, recognizes my password but will not access the websites. When I look at my certificates all three show up and I have listed the URL to all three via the "New Identify preference" option.

One thing that I did not do was upgrade/check the software for the card reader because it appears to work and I was told I would not need to.

I am considering using Windows via Bootcamp because I absolutely need access to these sites but I really don't want to do that.

Two questions:

Any ideas?
Will Apple provide any support regarding CAC issues?

Thanks Scoop57.
 
paddlefu said:
Right now I have no certificates to which I can associate a URL. When I access my CAC in keychain access, there is simply nothing under the CAC - the reader recognizes the CAC, but sees no certificates of any kind.

So I'm guessing the new root certificate is probably the solution. My new CAC has the CA-24 on it, so would I need to delete the current root CA's (DOD Root CA 2 and DoD Class 3 Root CA) and get them from a website or something or am I way off? i.e. if my reader isn't seeing any certificates, is my problem far bigger? Thanks again for the help
Click to expand...

Sounds like you have an older CAC reader and managed to get one of the new versions of the CAC. Take your CAC reader to work and try it there... if it doesn't recognize your CAC, you'll need to find out if there is a firmware update for your reader. Unfortunately, you'll probably have to update your firmware from a Windows computer.

As for the root certificates, you are not required to specifically delete your old certificates, but you will need to delete your old identity preferences. As I mentioned before, on some occasions, the KeyChain becomes corrupt and I've had to delete it and start over.

Good luck and please go to Apple Feedback and tell them to fix this (I've added a detailed post on this above).
 
paddlefu said:
I recently got a new CAC as my previous was about to expire. I'm using 10.6.2 and everything was working great with my old CAC utilizing the id pref workaround (could access webmail, Navy websites, etc). New CAC will recognize in keychain access (can see the CAC ID #) but it displays no certificates at all. I've tried two different readers now, both of which have been flashed and have version 5.22 on them, but the certificates don't show up at all. I can unlock it with my pin, but there's nothing for me to modify at that point. Has anyone else seen this problem with new CAC's and/or heard of a solution for it? Thanks
Click to expand...

This is the exact same issue I am having. Old CAC worked fine, but the new one doesn't have certificates I can see on a mac. When I use the same card reader and cac on a PC it works fine, the certificates show up and I can access sites. What would keep the certs from showing on my mac when the CAC is showing up in keychain access and I can even enter my pin to unlock the CAC? Thanks for anyones insight on this.
 
Okay- looks like there are two new CAC cards out there that may cause this to happen: from the website: http://militarycac.com/apple.htm

"NEW: If your new CAC [the one you were just issued] does not work, you may have received one of the new PIV II CAC's. You can tell if yours is this type by looking on the back at the top for either of these: "Gemalto TOP DL GX4 144K" or "Oberthur ID One 128 v5.5 Dual." A possible fix for you is to download the updated TOKEND from MAC OS FORGE.org download the CAC-NG (BETA v0.96)
INFORMATION: The Smart Card Services Project Team is pleased to provide access to the*BETA* for CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard". Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation."

Unfortunately I fall in the category that is still out of luck since I am running snow leopard, but they (Mac OS Forge) say they are working on a beta for snow leopard.
 
Same problem...

Scoop57 said:
Guys,

First post as I just got my first Mac Last week. Overall I love it, but can not get it to work with any Navy CAC required sites. I am running OS 10.6.2 and have a SCR 331 CAC reader. I have followed all the instructions from this very informative website:

http://militarycac.com/apple.htm

but I still can not get it to work. The Card reader works, recognizes my password but will not access the websites. When I look at my certificates all three show up and I have listed the URL to all three via the "New Identify preference" option.

One thing that I did not do was upgrade/check the software for the card reader because it appears to work and I was told I would not need to.

I am considering using Windows via Bootcamp because I absolutely need access to these sites but I really don't want to do that.

Two questions:

Any ideas?
Will Apple provide any support regarding CAC issues?

Thanks Scoop57.
Click to expand...

I have the exact same problem...can anyone help?
thanks
 
New CAC

paddlefu said:
Right now I have no certificates to which I can associate a URL. When I access my CAC in keychain access, there is simply nothing under the CAC - the reader recognizes the CAC, but sees no certificates of any kind.

So I'm guessing the new root certificate is probably the solution. My new CAC has the CA-24 on it, so would I need to delete the current root CA's (DOD Root CA 2 and DoD Class 3 Root CA) and get them from a website or something or am I way off? i.e. if my reader isn't seeing any certificates, is my problem far bigger? Thanks again for the help
Click to expand...

I don't know that I can help you...But, hopefully this information may be able to help someone else. This CA-24 is new and has caused several issues. A PC uses a software called ActiveClient which can be downloaded off of the Navy Reserve website. The reason i bring this up is because the 6.1 version of this software doesn't recognize the CA-24 either. It requires the 6.2 version of the software to recognize this new CAC. Unfortunately, I do not have a CA-24 card, or else I would be able to further investigate. I hope this can help your or someone else.
 
MacBook Pro (PPC) and New Cards

Hi, everyone:

I'm helping my son get his Mac working to recognize his new CAC. He has my old MacBook Pro, running 10.5.8. I have upgraded the firmware on his card reader (SCR331) to 5.25. On the site militarycac.com/apple, I found a link to a Tokend (beta version) to get around the problem of the new cards. I downloaded it to my Mac (Intel MacBook Pro) and the card is recognized by Key Chain Access. However, his Mac is PPC and the beta software does not work there. Are there any other workarounds for these new cards? I can't find any contact information for the development team at Mac OS Forge.com to ask about PPC versions. Does anyone else have this same problem? Any comments will be very much appreciated.

Thanks,

Marty Hewlett
 
Put Safari into debug mode... tell server-side that's it's IE 7.0

FYI...

To allow safari to access some of the .mil sites:

  • put it into debug mode
    in a terminal: >defaults write com.apple.Safari IncludeDebugMenu 1
  • setup safari to tell the server-side that it's IE7.0 ...

This should allow you to use safari and your cac on .mil sites that expect IE... most of the time.

R
 
resq23 said:
Okay- looks like there are two new CAC cards out there that may cause this to happen: from the website: http://militarycac.com/apple.htm

"NEW: If your new CAC [the one you were just issued] does not work, you may have received one of the new PIV II CAC's. You can tell if yours is this type by looking on the back at the top for either of these: "Gemalto TOP DL GX4 144K" or "Oberthur ID One 128 v5.5 Dual." A possible fix for you is to download the updated TOKEND from MAC OS FORGE.org download the CAC-NG (BETA v0.96)
INFORMATION: The Smart Card Services Project Team is pleased to provide access to the*BETA* for CAC Next Generation (a.k.a. CAC-NG) Tokend support for Mac OS X 10.5 "Leopard". Support for Snow Leopard is forth coming, but you can proceed to test with your Mac OS X 10.5.6+ machines with this installation."

Unfortunately I fall in the category that is still out of luck since I am running snow leopard, but they (Mac OS Forge) say they are working on a beta for snow leopard.
Click to expand...

This was a lot of help. My CAC was showing up as empty, and as a result, I was unable to access ANY of the sites I needed (on the mac anyway). Downloaded the beta, restarted - boom! Good to go. Thanks.
 
DoD CAC on Mac

I have been reading through this thread and I have experienced many of the same problems. Unfortunately I didn't see them until recently. I have been using a Macbook for about 3 years now and just recently upgraded to a Macbook Pro. When I upgraded my old Macbook to OS X 10.5.6 I found out that it does not support the newer CAC cards. To alleviate this I purchased Snow Leopard and then followed the instructions here: http://militarycac.com/apple.htm

By following these instructions step by step you should be able to get your CAC to work. I have used it on 2 different Macbooks with great success.

Hope it helps :)

p.s. I am also very PRO getting Apple to make the CAC just plain work with a Mac!
 
solution to missing certs on new CAC

I had same issue with new CAC not showing certs. Currently running OS 10.6.4 with a SCR 331 card reader. Followed directions found on MilitaryCAC.com under Snow Leopard directions:

"PKard is the only solution [with support] for all CACs, and specifically if you have an Oberthur ID One 128 v5.5 Dual & some 5.2a CACs.
You may purchase from Thursby Software "

http://www.thursby.com/products/pkard.html

From this, I went to Thursby Software and purchased the PKard for $30.00. Loaded it and it worked the first time on NMCI email and NKO. :):D I figure the cost of the software is tax deductible since it is obviously required for work. Anyway, I'm up and running finally.
LT D
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back