Common Access Card

From ArchWiki
Revision as of 22:01, 3 November 2009 by Brianhanna

Common Access Card Setup

This page explains how to set up Arch to use a US Department of Defense Common Access Card (CAC). It was tested with an SCR331 USB card reader, which is a very common model. Other readers may or may not work.

HAL is required by the CAC software, so it should be installed before continuing.

Software Installation

Install pcsclite, ccid, and coolkey, in that order. PKGBUILDs for these can be found in the AUR.

Add pcscd to the daemons section of your rc.conf.

Reboot, or run pcscd in a terminal, to enable the smart card reader.

Plug in the card reader without a card inserted. The SCR331's light should turn on (not flashing).

Put a CAC into the reader and make sure (at least on the SCR331) that the light starts flashing. If it does, it's set up correctly.

Configuring Firefox

Enabling Firefox to use the CAC Reader

Insert the CAC into the reader. The green light on the SCR331 should flash.

Add CAC Reader to Firefox as a Security Device

Go to Edit -> Preferences on the toolbar.
Click on Advanced.
Click on the Encryption tab.
Click on the Security Devices button.
Click on the Load button.
Enter CAC Reader as the module name, browse to /usr/lib/pkcs11/libcoolkeypk11.so, then click Open.
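
A preflight check for the two pieces configured above, the pcscd entry in rc.conf and the coolkey module that Firefox loads into its own process. This is an added example, not part of the original page. It assumes rc.conf lives at /etc/rc.conf and uses the legacy `DAEMONS=( ... )` syntax, where `!name` disables a daemon and `@name` starts it in the background; the function names and the `--run` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. The module path is the one
# named on the page; /etc/rc.conf is an assumed location. Both can be
# overridden through the environment.
RC_CONF=${RC_CONF:-/etc/rc.conf}
MODULE=${MODULE:-/usr/lib/pkcs11/libcoolkeypk11.so}

# daemon_enabled FILE NAME
# Succeeds if NAME is listed in the DAEMONS=( ... ) array of FILE and is
# not disabled with a leading "!". The array may span several lines.
daemon_enabled() {
    awk -v want="$2" '
        /^[ \t]*DAEMONS=\(/ { inside = 1; sub(/^[^(]*\(/, "") }
        inside {
            sub(/#.*/, "")                 # drop trailing comments
            if (index($0, ")")) { sub(/\).*/, ""); last = 1 }
            for (i = 1; i <= NF; i++) {
                name = $i
                sub(/^@/, "", name)        # backgrounded still counts
                if (name == want) found = 1
            }
            if (last) { inside = 0; last = 0 }
        }
        END { exit !found }
    ' "$1"
}

# module_safe FILE
# The PKCS#11 library runs inside the browser, so it must exist and must
# not be writable by group or others (symlinks are followed).
module_safe() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL -- "$1" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

preflight() {
    rc=0
    daemon_enabled "$RC_CONF" pcscd ||
        { echo "pcscd is not enabled in $RC_CONF"; rc=1; }
    module_safe "$MODULE" ||
        { echo "$MODULE is missing or group/world-writable"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` after the installation steps and before loading the module into Firefox; a non-zero exit status means one of the two checks failed.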

Importing the DoD Certificates

You should be able to go to http://dodpki.c3pki.chamb.disa.mil/rootca.html and click on the high-level certificates to install them and be done.

However, for some reason this site does not recognize Shiretoko as Firefox. There are probably many ways around this, but the one that was tested was to install the User Agent Switcher extension in Firefox (Shiretoko) along with a profile that identifies as Firefox 2.0 on Windows XP. Using an Internet Explorer profile will not work correctly, because the site takes you to a page made to help you install the certificates automatically based on the browser you are using. Once you get into the site, you can download the certificates by following the directions on the page.

Testing

Visit your favorite CAC-secured web page; you should be asked for the Master Password for your certificate. Enter it, and if you get in, you know it's working.