APPLE MACINTOSH CAC ENABLER (aka MIDDLEWARE) PAGE
Follow Tables 1 through 4 below:
PLEASE READ the preliminary notes before you start:
Preliminary Information 1: Restart your computer after installing the CAC enabler before trying to access the CAC enabled site
Preliminary Information 2: Installing multiple enabling programs will cause your system to NOT work. Here's how to uninstall CAC enablers.
Preliminary Information 3: Some of the CAC enablers below will ask for a "keychain password." It is really asking for your CAC PIN. Make sure if it asks for your Keychain password after you select your CAC certificate, that you use your CAC [6-8 digit / all number] PIN.
If you block your CAC, you'll have to visit an ID card office to get it unblocked. PKard and Centrify are two program listed below that have the capability to show you when your CAC is blocked. The other enablers do not have this capability.
Table 1: See which CAC enabling program will work with your version of Mac OS
Once you've decided, go to Table 2
Note2: Need version 1.7 (or higher)
Note3: Need version 5.3.3
Note4: Need version 0.7.8
Note5: Apple computers with Mac OS Sierra and High Sierra have a "built in Smart Card ability," meaning 3rd party CAC enablers may not be needed. It may work for some DoD sites, but it seems that Outlook Web App sites don't work well with it. Read here on how to disable the built in ability to use Centrify Express, CACkey, or PKard. This should also remove the duplicate certificates to choose from.
Note6: Please let me know if any of these enablers work for you.
Note7: You'll need to disable the built in High Sierra Smart Card ability, Read here how to disable it.
Table 2: Verify the CAC enabling program you selected above will work with your specific CAC.
Once you've decided, go to Table 3
Note1: I haven't tested the CAC with this enabler. If you have one and have successfully used your CAC with the question marked enabler above, please contact me
Note2: SmartCard Services for OS X 10.9.x will ONLY work with the Gemalto TOP DL GX4 144 & G&D FIPS 201 SCE 3.2 CACs. Oberthur 5.5 & Gemalto GX4-A 144 users need to utilize a different CAC enabler.
Note3: Please let me know if any of these CACs work for you.
Table 3: Verify the CAC enabling program you selected in tables 1 & 2 is:
a. Compatible with Firefox (if you plan to use this web browser),
b. Will read your PIV cert (for Dual Persona users),
c. Will allow you to digitally sign PDFs,
d. Can show you when your CAC is blocked,
e. You want support from the vendor, or
f. You want it for free, or pay for it
Once you've decided, go to Table 4
and click the link to the CAC enabler you decided to use.
Note1: PIV cert has to already be exposed
Note2: Will see the PIV cert, but is unusable until properly exposed.
Note3: Will work with the paid version of Centrify Identity Service not the free version linked below
Note4: I am being told PKard will somehow read a PIV without it being exposed. This would mean that it would read everyone's PIV whether they needed it or not. Please let me know of your experience. This may seem this way as new CACs are now coming with the PIVs already exposed.
Table 4: Click link below for the CAC enabler you decided to use based on the criteria in tables 1-3 above
If you still have problems, here is a helpful Navy specific page
Specifics for the following versions of Mac OS can be found at these links:
The five (5) current CAC Types are...
Look at the back of your ID card (above the black strip) for one of the examples below. If you have any other version, you need to visit an ID card office and have it replaced. All CACs other than these shown below were to be replaced prior to 1 October 2012.
Find out how to flip card over video
Information / download links
Version 1.7 supports Mac OS High Sierra (10.13.x) down to and below
Purchase PKard from Thursby Software
PKard demo (click Videos tab)
Thursby offers US phone, email, and forums support for the software they've been developing for over 10 years and is 100% made in the USA
If you have Centrify Express installed, you can see / verify if your CAC is blocked.
Select Go > Utilities > Centrify
Double click: Smart Card Assistant
Look under status for: Card is locked
NOTE: If Card status is blank, the card is not blocked
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email lists?
Last Update or Review: Thursday, 19 April 2018 21:02
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us