Search MilitaryCAC:

Site Map

top
 MilitaryCAC.com logo

.com | .us | .ml  | .mobi | .net | .org


The Definitive Source for Everything CAC

Common Access Card help for your  Personal Mac Computer

Also available at:

https://MilitaryCAC.com

Please ShareThis website with your friends and colleagues

Make a Donation button image

 

 

 

ASSISTANCE FOR APPLE USERS 

 

MOST of the questions we receive can be corrected / answered by you trying these ideas first: 

 

1.  Please relook at the Mac CAC Install page for instructions on how to install what is needed to use a CAC on a Mac.

 

2. If you have already installed the needed program (based on the link in #1 above) or are having problems accessing websites you have successfully accessed previously, follow this page to learn how to clear the login section of your keychain.

.

3.  If you have an SCR-331 CAC reader, you may need to update the firmware to be able to use this older reader on your Mac.  There is no guarantee it will work, it is an option to try before purchasing a new reader.

 

4.  If you have an IOGear GSR202, GSR202V, or GSR203 CAC reader and are having problems using it.  You may need to downgrade the firmware on it [using a Windows computer (or Boot camped Mac)] by following these instructions.

 

4a.  If you have the SCR-3500A USB CAC reader, and trying to use it on 10.11.x, you will need an updated driver, and may have to disable SIP

 

4b.  If you have the ACR-3801, 38, 38U, or 39 CAC reader, you need to update the driver.

 

5.  Please know not every CAC enabler will with work with specific versions of Mac OS.  The link in this sentence has a graph to show you which ones will work for your specific version of Mac OS.

 

6.  Follow instructions for loading the DoD Intermediate certificates into your keychain Please NOTE, this used to not be needed, but with newer CACs being issued, this is becoming a requirement now.

 

7.  If DTS is not working, please follow ideas on the DTS support page.

 

8.  If you purchased and installed PKard and are having problems, contact Thursby for support

 

8a.  If you installed Centrify Express and are having problems when using it, contact Centrify for support

 

8b.  If you purchased and installed Charismathics Smart Security Interface (CSSI) and are having problems, contact Charismathics for support

 

9.  If you have recently updated to 10.11.x (El Capitan) from a previous version [and you were successfully using your CAC prior to], you should uninstall your CAC enabling program[s], restart computer, then install a new version of your CAC enabler.  Look at the CAC enablers page to see which CAC enablers are compatible with 10.11.x.  Also follow #2 above

.

Others have also had to disable Apple's SIP (System Integrity Protection).  It removes root rights to all system files.  So, any driver not signed by Apple will not be allowed to install.  To turn this off, please look here.

.

9a.  If you've just updated your Mac OS from 10.11.3 to 10.11.4 and your SCR 331, 3310, 3300v2, or 3500 model reader has stopped working, you may need to update the driver per https://forums.developer.apple.com/message/127598#  You'll see in epeterso's 29 March reply where it has a link to the scmccid_mac_5.0.35.zip file. Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open

 

10.  You receive "Error Code: 500 Internal Server Error.  The server denied the specified Uniform Resource Locator (URL).  Contact the server administrator. (12202)."  Or your system worked recently, but has since stopped working for webmail / OWA, try these ideas: 

10-1.  Make sure you select your EMAIL certificate [for most users] and PIV certificate [for Dual Persona users].  IF you have selected the wrong certificate, you will need to clear your keychain.

10-2.  Close all open browsers, reopen one and try accessing the site again.

10-3.  Clear your keychain, uninstall all CAC enabling programs, restart computer, reinstall one CAC enabling program, restart computer and try again.  You may want to try a different CAC enabling program as well.  

10-4.  Follow #6 above

10-5.  If you are considered Dual Persona, you'll need to review this chart to select one of the four known CAC enablers that support the PIV certificate. 

.

11.  If you are having problems logging onto all CAC websites [and you can see your name entry between the words: keychain and login in Keychain access] you may have blocked your CAC.  Only PKard and Centrify will let you verify a blocked CAC on a Mac, otherwise, you'll need a Windows computer (or virtual Windows) via ActivClient (or built in Smart Card program) to see if your CAC is blocked.  If your CAC is blocked, your only option is to visit an ID card office to get the card unblocked.

 

12.  If you see "f5, Your session could not be established"

f5 error image

when logging into your Enterprise Email, clear your keychain and try again.  You can also "Remove All Website Data" found under Safari, Preferences, Privacy.  If that does not work, try again later.  Remember to select your Email certificate [unless a dual persona, you'll use your activated PIV cert].  If your PIV is not already exposed, you'll need to find a Windows 7 computer that is setup for CAC and activate your PIV via these instructions.

.

13.  If you want to open / work on an NCOER (or any other PDF-F files) you need to have Adobe Reader installed on your Mac and make it your default PDF viewer.  By default your Mac uses Viewer to open PDFs, which will not allow digital signing.  You'll need to save the PDF-F to your computer, then open it.

 

14.  If you are having problems accessing CAC enabled websites, try disabling your Antivirus / web protection, if this works.. please follow the information below to let your AV allow access to the CAC enabled websites:

Avast users can do this:  disable your web blocker, restart browser and try to access the website again.  You might try Adding *mail.mil* [and any other websites you can't access] to the Exclusions section of Main Settings, read guidance here.   More information about what Avast is doing can be read here.

AVG users follow their guidance by adding https://*.mail.mil to the exceptions list

Bitdefender users may need to uninstall the program and find a different Antivirus program

Kaspersky users follow their guidance by adding https://*.mail.mil to the exceptions list

McAfee users follow their guidance to add https://*.mail.mil

 

15.  If you have recently purchased an SCR-3500 reader and it has a Part number of 905430-1 (sometimes shows as SCR-3500A) install this updated driver Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open

 

16.  Some of the same "bad certs" that have caused problems for Windows users are now showing up in the keychain access section on Macs.

 

image   DoD Interoperability Root CA 1   certificate
image   DoD Root CA 2   certificate
image   SHA-1 Federal Root CA   certificate

 

If you see the listed certificates, delete them, Once these certs are deleted, close keychain.  Instructions can be read on the Keychain page

 

new imae17. If you can no longer sign PDFs with your CAC since upgrading to 10.11.6, please follow advice in this link:  https://forums.adobe.com/message/8920018#8920018  You'll need to use CACkey, as it is the only one that the temporary work around works with.  So, if you are using another CAC enabler, follow #9 above regarding uninstalling your CAC enabler, then installing CACkey

 

 

 

 

If you are a Windows user (or using Windows in a Virtual Machine or Bootcamp), go here for support.  (Please do NOT use the form below for Windows questions).

 

Please provide the correct information asked in the form below.  The intent is to reply to you with correct ideas for you to try.  We may offer incorrect ideas to fix your issue if you provide incorrect information below.

 

PLEASE COMPLETE THIS FORM FOR Mac SUPPORT ONLY

Windows Users go here

Linux Users go here

 

The 4 current CAC Types are...

(Look at the back of your ID card above the black strip for any of these.  If you have any other version, you need to visit an ID card office and get it replaced.  All CACs other than these four were "supposed" to be replaced by 1 October 2012).

A guide to help figure out which CAC you have

Gemalto 144 CAC GemaltoDLGX4-A144 image Oberthur 5.5 CAC image G&D FIPS 201 SCE 3.2

Which CAC do I have video

Read more about the older CACs and replacing them

back to top

 

Contact us the following ways:

1. Contact form above (Preferred method)

2. Email:  Click to solve reCAPTCHA to see email address

3. CALL / TEXT / Skype / FACETIME  
4. Through remote access to your computer

 

If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Friday, 23 September 2016 08:57 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us