Whenever you upgrade your operating system (OS), you will need to CAC-enable (i.e. Public Key Enable) the system all over again. You should refer to the instructions and downloads available from the web pages under Getting Started for End Users (Mac) on DISA's Information Assurance Support Environment (IASE) website. You will need middleware to use your CAC on OS X. The instructions on IASE will direct you to Smartcard Services (middleware) downloads from Mac OS forge. Smartcard Services will work for most CACs and readers, however, if you do not see your CAC keychain in the Keychain Access.app after installing the Smartcard Services package and inserting your CAC in the card reader, then I recommend using another free middleware called Centrify Express.
Sierra is the last of the Mac OS’s that has a built-in Smart Card Reader. However, you need to be aware that this reader will not function with the Safari browser even with the proper certificates. You’ll need to utilize Google Chrome along with the proper DOD (or other) certificates. “Department of Defense (DoD) Public Key Enabling (PKE) and the DoD Public Key Infrastructure (PKI) Program Management Office (PMO) have received several reports from DoD services about DoD certificates chaining improperly to cross-certificates or the Common Policy Root Certificate Authority (CA). When this occurs on DoD systems, PKI.
Aside from installing middleware, you need to download and import the DoD Root and Intermediate Certificates in your Keychain Access. Most of the DoD certificates are available if you add the 'SystemCACertificates' keychain using the File > Add Keychain option and navigating through the folders to Macintosh HD > System > Library > Keychains. You need to download and import a few certificates into the 'login' keychain, such as DOD ROOT CA 2 (3 certificates total), DOD ROOT CA 3, and any intermediate certificates that issued the certificates on your CAC, which are greater than DOD CA-30 (such as DOD CA-31, DOD EMAIL CA-31, DOD CA-32, DOD EMAIL CA-32, DOD ID CA-33, DOD EMAIL CA-33, DOD ID CA-34, DOD EMAIL CA-34, etc.). Go to the Cross-Certificate Chaining Issue page to download two zip files (i.e.Certificates_PKCS7_v4.1u4_DoD.zip and unclass-irca1_dodroot_ca2.zip, then use the File > Import Certificate option to add the certificates to the 'login' keychain. All DoD Intermediate Certificates are available for download (one-by-one) from the DoD PKI Management website at https://crl.gds.disa.mil/ (download the Certificate Authority Certificate, not the Certificate Revocation List, i.e. CRL) for each certificate.
Dod Root Certificates For Mac
Dod Certs Mac
Dod Cac Certificates For Mac
Company: Southwest I.T. Solutions
Dod Root Certificates For Mac
Mar 13, 2016 9:22 PM