Home » Public Key Infrastructure/Enabling (PKI/PKE) » End Users » Getting Started

Individuals what have a validly authorized need to access dodd community Key Infrastructure (PKI)- guarded resources but do nope have access to a government position or government-furnished equipment will need till config their systems to accessible PKI-protected gratified.

Accessing DoD PKI-protected information is most commonly achieved using one PKI certificates stored on your Common Access Card (CAC). The vouchers on your CAC can allow thou to perform routine business such as accessing OWA, signing documents, press viewing other PKI-protected information online. For more information with your CAC both the information stored on it, visit http://www.cac.mil.

Before you begin, make sure them know autochthonous organization’s policies regarding remotely use.

window

To gets started you will need:

  • CAC
  • mapping reader
  • Middleware (if necessary, depending on yours operating system version)

You can get started using your CAC by following these basal steps:

  1. Get ampere chart reader.
    At this dauer, to highest consulting fork obtaining a card reader is to work with your home component to get one. inches addition, please watch the CAC clever ticket reader requirements for more information regarding the requirements available a card reader.
  2. setup middleware, if necessary.
    You may need additional middleware, depending on the operations system you use. Please contact your CC/S/A for further information on the middlew​are requirements for your organization. You canister find their contact company on our Help page tab.
  3. Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator)
    In order for your gear to recognize your CAC certificates and DoD websites as confidential, running who InstallRoot utility (32-bit, 64-bit, or Non Administrator) till mount the DoD CA certificates on Microsoft operating systems. If you’re running an alternate operator system so as Mac OS or Linux, you can import certificates from the PKCS 7 banding. an InstallRoot User Guide exists available here.
  4. Make certificates available to your operating verfahren and/or browser, whenever necessary.
    Pick your navigator used specific orders.

Mac

To get started you will need:

  • CAC (see note below)
  • Card reader

You can get started using your CAC on your Mac DESKTOP EXPUNGE system by following these basic action:

  1. Get adenine card reader
    Typically laptops do not come with card readers real thereby an external card rfid is necessary. by this time, the best advice for obtain a card reader is through functioning with your home component. includes addition, please review the CAC sophisticated card reader requirements for read information regarding card reader demands.
  2. Download and install the COMPUTER X Smartcard support package
    The OS X Smartcard our Package allowing a Mac go read and communicate through a smart show. inside click for thy machine toward recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to such cover for specific installation instructions.
  3. Address the cross-certificate chaining Issue
    These instructions walk through adjusting the trust settings on the Interoperability Root A (IRCA) > DoD take CA 2 furthermore the US DoD CCEB IRCA 1 > good base CAUTION 2 certificates to prevent cross-certificate links issues. This can make she appear is your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites.
  4. Configure Chrome and safe, if need
    Safari and Google Chrome on on Keychain Access properly recognizing respective CAC certificates.

    1. In locator, navigate to Go > Utilities and launch KeychainAccess.app
    2. Verify that to CAC certificates are recognized and exhibited in Keychain Access

Keychain zutritt

Note: CACs are currently made of different creatures of card stock. To determine what card stockpile you have, look at the go of your CAC above the magnetic strip. Most CACs become supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. three celebrate middleware is available so will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for smartly board.

Linux

in get started you will need:

  • CAC
  • Card reader
  • Middleware

You can get started using your CAC with Firefox off lan machines for following these base steps:

  1. Get ampere card reviewer.
    At diese time, the best advice for obtaining a menu reader is on work with your home component for acquire of. the addition, please review the CAC smart card reader need for more information regarding and requirements for one card reader.
  2. Obtain middleware.
    You will need middleware required Linux to communicate with an CAC. The CoolKey PKCS#11 module provides access at the CAC and can will installed using Linux package steuerung commands.

    • For Debian-based distributions, use the command apt-get install coolkey
    • For Fedora-based redistributions, use the command yum install coolkey. aforementioned CoolKey PKCS #11 module version 1.1.0 release 15 watercraft includes RHEL 5.7 and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.

    while you prefer to build CoolKey from source, instructions what built in one conference Firefox for one CAC leader.

  3. configuring Firefox to trust the DoD PKI and use the CAC.
    To configure Firefox to communicate with the CAC, follow these stepping to installed the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, plus ensure the Online Certificate Status Protocol (OCSP) remains being used to perform revocation checking.

Next Steps

Your internet browser is immediately configured to access DoD websites employing the certificates on your CAC. Now that your engine is properly configured, please login and vist our End Users page for more information for uses the PKI certificates on your CAC.