These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. Address the cross-certificate chaining Issue.Please refer to this page for specific installation instructions. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card.
In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements. At this time, the best advice for obtaining a card reader is through working with your home component. Typically Macs do not come with card readers and therefore an external card reader is necessary.
You can get started using your CAC on your Mac OS X system by following these basic steps: Pick your browser for specific instructions. Make certificates available to your operating system and/or browser, if necessary.The InstallRoot User Guide is available here. If you’re running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 bundle. In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility ( 32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. Install DoD root certificates with InstallRoot ( 32-bit, 64-bit or Non Administrator).You can find their contact information on our Contact Us tab. Please contact your CC/S/A for more information on the middleware requirements for your organization. You may need additional middleware, depending on the operating system you use. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader. You can get started using your CAC by following these basic steps:Īt this time, the best advice for obtaining a card reader is to work with your home component to get one. Middleware (if necessary, depending on your operating system version).There are no other special requirements that are associated with installing smart card reader drivers.įor general information about device installation in Windows, see Device Installation Overview.
UmdfKernelModeClientPolicy=AllowKernelModeClients Specifically, in the driver INF file, this entry is needed:
Vendors that supply their own UMDF reader driver need a registry setting to allow PnP filter drivers to sit on top of the UMDF reflector. HKLM, System\CurrentControlSet\Services\CertPropSvc,Start,0x00010001,2 HKLM, System\CurrentControlSet\Services\SCardSvr,Start,0x00010001,2 HKLM, Software\Microsoft\Cryptography\Calais\Readers, Vendors must also add a section to properly configure the smartcard services. Vendors that supply their own reader drivers should make each driver a member of the SmartCardReader setup class in the INF Version Section of the driver's INF file. This section provides installation information that is specific to smart card reader drivers for Microsoft Windows.