1) Quit Safari completely
2) Insert card and open Keychain Access.
3) Select the CAC keychain.
4) Select “My Certificates” from “Category” on the sidebar.
5) Right click on the certificate you need to authenticate with (usually the Identity or email signing cert) and select “New Identity Preference”. You can use the triangle by the certificate to expand it and view its type.
6) Enter the URL for the site. (** make sure you add the “/” at the end of the URL)
NOTES :
The certificate, Identity or Email Signing, selected in step 5 above may be determined by the website. If the first certificate selected does not work, please select the alternate and re-attempt to access the website.
The identity preference can be picky about the URL used. Here are a few examples below. If a site is found that has an issue, please notify the AGM Help Desk agm.support@us.army.mil. We will build a list of sites with known issues as they are reported.
Site – AKO
Certificate – Identity
ID Pref URL - https://akocac.us.army.mil/
Site – JTF-GNO
Certificate – Email signing
ID Pref URL - https://www.jtfgno.mil
Apple Knowledge Base Article: HT1679
Last Modified: June 30, 2008
14 Responses to “Setting up Safari for CAC login to DOD websites”
Leave a Reply
You must be logged in to post a comment.
Loading ...
June 29th, 2009 at 8:32 am
For Snow Leopard (10.6) now go in to Keychain Access and just put the following:
https://*.us.army.mil or https://*.army.mil
November 11th, 2009 at 6:05 pm
Hopefully someone will help. I followed the instructions as listed above – it still doesn’t work. The CAC reader, a SCR331, just sits there and blinks when the card is inserted. It’s like it is waiting on OS X to do something – help! I am on a MacBook, 13.3″, OS X 10.5.8.
November 12th, 2009 at 5:48 am
Did you also try the first comment? I believe in 10.5.8 you can actually do:
https://*.us.army.mil or https://*.army.mil
Also make sure you are selecting the correct certification. Also, What DOD website are you trying to make an identity preference for?
November 12th, 2009 at 7:09 am
I tried your last suggestion – it didn’t work. The reader’s access light blinks constantly when the card is inserted into the reader. However, the reader works according to all of the Mac’s built in diagnostics. When I remove the card, the light goes to a steady state and the CAC cerificates disappear from the keychain access – I think the reader is ok, just a communication problem between OS X and the reader.
I have a document that was written at the Naval Postgraduate school, “CAC for Mac”. I have noticed that X509 shows up in there – Go|Utilities|Keychain Access. Then Edit|Keychain list. Click show and switch to Mac OS X (System)
As for your last question, I am trying the AKO website – as a medically retired US Army vet/ Department of the AF employee I have an account. After I get the AKO working, I need to get on the AF Portal – sister to the AKO. Finally, I am doing an Online Master’s program through the AF’s Air University. They are moving to CAC access in the future. I need to get my Macs working with the Card.
One last thing, I have a 20″ iMac running OS X 10.4.11. The reader blinks on that Mac as well. I called SCM but since I could flash the reader to 5.25, we agreed there was nothing wrong. He gave me this link.
Thanks for your help.
November 12th, 2009 at 7:16 am
Try this link http://www.army.mil/AKO/info/guides/CACconfig/setup/index.html This says the same thing as CAC for Mac. The thing dealing with X509 certificates shows up close to the bottom of page 2. I think that is my problem.
November 12th, 2009 at 7:17 am
10.4 won’t really work. What is the type of card that you have? It should say on the back, for example mine says GEMAL. I know there is a outstanding issue with CAC2 CACs. Also, go to keychain and make sure your cert. on your CAC are Valid, if it doesn’t say valid you might not have the cert installed.
November 12th, 2009 at 7:31 am
I also got another type of card reader. I got tired of dealing with the stupid firmware issues… Mine is from GEMPlus. http://bit.ly/aonUg
November 12th, 2009 at 7:32 am
I meant GEMP Twin
November 12th, 2009 at 8:33 am
The certs are valid, I just had to renew the card in April.
Mine also says GEMAL. I’m beginning to think that this is the reason why SCR331s are cheap. However, they are the standard at work. The card you linked to – do they do government-issued CAC cards? I did not see that information on the page.
November 12th, 2009 at 8:43 am
They do.. I have 2 of these card readers. As long as it follows the CCID standard it will work on a Mac. Actually my friend at Apple that does the Security suggested this reader.
November 12th, 2009 at 9:19 am
Great that’s all I needed to hear. If an Applke employee recommends, then it must be ok. I will order and comment after it comes.
Thanx!
November 17th, 2009 at 3:59 pm
Hey Apple MacGenius:
Where did you get your card reader. I tried USA Smartcards.com but no one is there.
November 17th, 2009 at 4:08 pm
You can try these places:
http://www.howardcomputers.com/accessories/detail.cfm?source=googlebase&id=S4872448
http://cgi.ebay.com/GEM-PC-TWIN-SMART-CARD-READER-USB-%1a-NIB!_W0QQitemZ320427745749QQcmdZViewItem?rvr_id=&itemid=320427745749
Also try to google search for “GemPC Twin Smart Card Reader”
December 27th, 2009 at 7:52 pm
AppleMacGenius:
I received my GEMP Twin card reader a couple weeks ago. When I connected it to my MacBook, it flashed the LED until I put my CAC in then it glowed steady. I couldn’t get it to work. I thought I would wait until I had more time.
I hooked it up tonight and it flashed as before; however, when I put my CAC in, it still flashed the led. Additionally for step 3 in the above process I won’t read the CAC.
Any ideas?