Common Access Card

This page illustrates how to setup Arch to utilize a US Department of Defense Common Access Card (CAC). It was tried with a SCR331 USB card onlooker which is an extremely normal one. Others might work…or not. Check out this website for more information on Common Access Cards http://cac-reader.com/cac-card-reader/

Substance [hide]

  1. Software Installation
  2. Configuring Firefox
  3. Enabling Firefox to utilize the CAC Reader
  4. Importing the DoD Certificates
  5. Testing

Programming Installation

Institute pcsclite and ccid from [community] and institute cackey.

Empower pcscd sudo systemctl empower pcscd

Reboot-or-sort sudo systemctl begin pcscd in a terminal to empower the savvy card onlooker.

Institute the last form of cackey.

Institute the last form of the DoD Configuration growth for Firefox. (http://www.forge.mil/Resources-Firefox.html)

Connect to the card onlooker without a card embedded. The SCR331’s light might as well turn on (not blazing).

Put a CAC into the onlooker and verify regardless on the SCR331) that the light begins glimmering. In the event that it does, its set up rightly.

NOTE: You should log in utilizing a CAC card to gain entrance to the cackey record. This may need you to download it on a seperate machine and exchange the record.

Designing Firefox

  1. Empowering Firefox to utilize the CAC Reader
  2. Embed CAC into viewer -the green light may as well glimmer on the SCR331.
  3. Add CAC Reader to Firefox as a Security Device
  4. Head off to Edit->Preferences on the toolbar.
  5. Click on Advanced
  6. Click on the Encryption Tab
  7. Click on the Security Devices Button
  8. Click on the Load Button
  9. Drop in CAC Reader as the module name, and scan to /usr/local/lib/libcackey.so then click Open.
  10. Importing the DoD Certificates

Provided that you have introduced the DoD Configuration development for Firefox you can utilize it to import the proper declarations.

Devices > Addons > Extensions > DoD Configuration > Preferences

In the event that you’re utilizing a marked form of Firefox you ought to have the ability to head off to http://dodpki.c3pki.chamb.disa.mil/rootca.html and click on the large amount endorsements to fix them and be finished.

In the event that you’re utilizing Namoroka this site won’t distinguish it as Firefox and basically clicking on the connection above won’t get you into the site. You can work around this issue (which influences some different online sites too) by altering Namoroka’s arrangement a bit.

  1. Open another tab in Namoroka
  2. Sort about:config in the location bar and press drop in
  3. Sort "useragent" in the hunt box
  4. Twofold click on the quality where you see "Namoroka"
  5. Change "Namoroka" to "Firefox"
  6. Shut the tab

When you get into the website, you can download the endorsements by taking after the headings on the page. http://cac-reader.com/

The essential root authentication utilized has a CN of "DoD Root CA 2": this endorsement could be changed over to PEM design for utilization in different browsers:

Download the CA bunch. This incorporates pretty nearly 36 authentications. $ bend-O http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.p7b

Separate the root endorsement into a PEM-organized record.

$ openssl pkcs7 educate DER-in rel3_dodroot_2048.p7b-print_certs | sed-n ‘/subject=.*CN=DoD Root CA 2/,${/^$/q;P;D}’ > DoD_Root_CA_2.pem