How to download certificates for cac reader on mac

.com | .us | .ml | .mobi | .net | .org

Be notified of
page updates
powered by
ChangeDetection

NOTE:

Mac OS Monterey and Ventura look more like iOS, which is why this special page was created

6 "high level" steps needed, follow down the page to make this a painless systematic process

1. Is your CAC reader "Mac friendly"?
2. Can your Mac "see" the reader?
3. Verify which version of Mac OS you have
4. Figure out which CAC (ID card) you have
5. Install the DoD certificates
6. Troubleshooting Section

Step 1: Is your CAC reader Mac friendly?

Visit the USB Readers page or USB-C Readers page to verify the CAC reader you have is Mac friendly.

"Some, not all" CAC readers may need to have a driver installed to make it work.

Step 2: Can your Mac "see" the reader?

Plug the CAC reader into an open USB port before proceeding, give it a few moments to install

Step 2a: Click the Apple Icon in the upper left corner of the desktop, select "About This Mac"

Step 2b: Click "More Info. " (button), (image is from an Intel based Mac, screen will look similar with an M processor)

Select "General", then "System Report. "

Step 2c: Verify the CAC reader shows in Hardware, USB, under USB Device Tree. Different readers will show differently, most readers have no problem in this step.

Step 3: Verify which version of MacOS you have?

Step 3a: Click the Apple Icon in the upper left corner of your desktop and select "About This Mac"

Step 3b: Look next to macOS for: Example: Ventura 13.0.1 (image is from an Intel based Mac, screen will look similar with an M processor)

Step 4: Figure out which CAC (ID Card) you have

Look at the top back of your ID card for these card types. If you have any version other than the seven shown below, you need to visit an ID card office and have it replaced. All CACs [other than these six] were supposed to be replaced prior to 1 October 2012.

Gemalto 144 CAC image GemaltoDLGX4-A 144 image
Oberthur 5.5 CAC image
Oberthur 5.5a CAC G&D FIPS 201 SCE 3.2
Stop Gap CAC image

Find out how to flip card over video

Step 5: Install the DoD certificates (for Safari and Chrome Users)

Go to Keychain Access

Click: Go (top of screen), Utilities, double click Keychain Access.app

(You can also type: keychain access using Spotlight (this is my preferred method))

Select login (under Default Keychains), and select All Items

Download each of the 4 files via links below (you may need to click Allow on each link) Save to your downloads folder

Please know. IF You have any DoD certificates already located in your keychain access, please delete them prior to running the AllCerts.p7b file below.

Double click each of the files to install certificates into the login section of keychain

Select the Kind column, verify the arrow is pointing up, scroll down to certificate, look for all of the following certificates:

DOD DERILITY CA-1,

DOD DERILITY CA-3 through CA-4

DOD EMAIL CA-62 through DOD EMAIL CA-65,

DOD EMAIL 70 through 73,

DOD ID CA-62 through DOD ID CA-65,

DOD ID CA-70 through 73,

DoD Root CA 3 through DoD Root CA 6,

DOD SW CA-60 through DOD SW CA-61,

DOD SW CA-66 through DOD SW CA-69, and

DOD SW CA-74 through 77

NOTE: If you are missing any of the above certificates, you have 2 choices,

1. Delete all of them, and re-run the 5 files above, or

2. Download the allcerts.zip file and install each of the certificates you are missing individually.

You may notice some of the certificates will have a red circle with a white X . This means your computer does not trust those certificates

You need to manually trust the DoD Root CA 3, 4, 5, & 6 certificates

Double click each of the DoD Root CA certificates, select the triangle next to Trust, in the When using this certificate: select Always Trust, repeat until all 3 do not have the red circle with a white X.

You may be prompted to enter computer password when you close the window, afterwards it will now show as trusted

Once you select Always Trust, your icon will have a light blue circle with a white + on it.

The "bad certs" that have caused problems for Windows users may show up in the keychain access section on some Macs. These need to be deleted / moved to trash.

The DoD Root CA 2 & 3 you are removing has a light blue frame , leave the yellow frame DoD Root CA 3 version. The icons may or may not have a red circle with the white x

image or DoD Interoperability Root CA 1 or CA 2 certificate
DoD Root CA 2 or 3 (light blue frame ONLY) certificate
image or Federal Bridge CA 2016 or 2013 certificate
image or Federal Common Policy CA certificate
or image or SHA-1 Federal Root CA G2 certificate
image or US DoD CCEB Interoperability Root CA 1 certificate

If you have tried accessing CAC enabled sites prior to following these instructions, please go through this page before proceeding

Please come back to this page to continue installation instructions.

Try to access the CAC enabled site you need to access now.

When you plug your reader in, you will see a message like this

Click the little white X, if you Pair, you risk the chance of blocking your card:

Mac OS Ventura finally gives us the number of PIN tries remaining if you enter your PIN incorrectly

If you have problems, please follow images below to verify if your CAC is being read by your computer

Click the Apple Icon in the upper left corner of the desktop, select "About This Mac"

Click the "System Report. " button (image is from an Intel based Mac, screen will look similar with an M processor)

Scroll down the left column to the "Software" section then click on "SmartCards"

If you see hundreds of lines of "gibberish" these are your certificates being read from your CAC.

Example of CAC not being read. You'll only see roughly15 lines of text.

Idea #1 to try: Re-enable your native smart card support via instructions here: https://militarycac.com/macuninstall.htm#re-enable

Idea #2 to try: It could mean your CAC reader needs a driver or firmware update. Look for your reader on the CAC readers page to verify if your reader and CAC combination is compatible with each other.

Mac support provided by: Michael Danberry

If you have questions or suggestions for this site, contact Michael J. Danberry

Last Update or Review: Wednesday, 08 November 2023 20:43 hrs

The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us