Search MilitaryCAC:

Site Map logo

.com | .us | .ml  | .mobi | .net | .org


The Definitive Source for Everything CAC

  Common Access Card help for your

Personal Mac Computer

Also available at:

Please ShareThis website with your friends and colleagues

Make a Donation button image








If you have problems accessing websites with your CAC please try the following ideas. 




Idea #1:  Run the Keychain First Aid (information "borrowed" from Thursby forums)


Step 1-1:  Click: Go (top of screen), Utilities, double click Keychain Access. 


NOTE:  If you don't see Go, click the finder Mac Finder imageicon  in your Dock (bottom of screen), click Applications (under Places), Utilities, Keychain Access  (you can also type: keychain access in the spotlight search)


Step 1-2:  Look in the left column, under Keychains, click login


Step 1-3:  Click Keychain Access (from the menu bar), choose:  Keychain First Aid


Step 1-4:  Enter your username and computer password, select verify, click Start


Step 1-5: It may return Verification failed, this is expected.  If there is more than 1 red line, select Repair, then click Start


Step 1-6:  When complete, quit Keychain Access and try accessing the CAC enabled website again



Idea #2:  Manually delete the websites you are having problems accessing.

This can also help if you lost access [for no apparent reason] to your


Step 2-1:  Click: Go (top of screen), Utilities, double click Keychain 


(You can type: keychain access using Spotlight (which is my preferred method))

Typing Keychain Access into Spotlight 

Step 2-2: Select login (under Keychains), and All Items (under Category) see image below.  You will see all items that are being saved in your Keychain Access.  These can include your Airport password for your home Wi-Fi network and / or CAC websites / Identity preferences that you have visited and used your CAC on previously.   

Step 2-3:  Click the column heading titled Kind, scroll down to Identity preference, now  Delete any CAC enabled websites that you are having problems accessing.  You can hold your control key and click your single button [Mac mouse] and select Delete, or if you have a two button mouse right click and select Delete.  Once they are deleted, close keychain,

Step 2-4:  Remove CAC from reader, then reinsert it. 

Step 2-5:  Clear your web browser history, then revisit the CAC website you are having problems accessing.

Example of entries to remove.  You may see something different than "mont." 

NOTE:  Yours will probably have a red circle with a white X access denied image

Items to remove in keychain image


new imageSome of the same "bad certs" that have caused problems in Windows are now showing up in the keychain access section on Macs.


image   DoD Interoperability Root CA 1   certificate
image   DoD Root CA 2   certificate
image   SHA-1 Federal Root CA   certificate


  If you see them, delete them

NOTE:  If you accidently delete the login folder rather than the items inside it, you can restore it by navigating to /users/<username>/library/keychains/login.keychain and double clicking it.

Solution found at:

Idea #3: You may have a corrupt preference.

Open Safari,  click the word Safari, Reset Safari... this will clear out cached pages

Further ideas can be seen on Apple Support


Idea #4:  Clearing the old certificates (after receiving a new CAC)


The Mac OS will cache some information about your CAC in order to read the data faster the next time it's being used on your computer.  Sometimes this cache can cause issues after receiving a new ID card.  Thursby's suggestion is that you remove your card from the reader if its present, download the utility from the link below, then run the app for "if you have received a new card or new certs."  This will clear all of the token cache information by running a Terminal command.  Also, there will not be a completion dialog, and at most you may be prompted to type in your computer password.

Please run this utility and contact Thursby if you continue to have trouble.



If you would rather use command line, you can Run in

sudo rm -rf /var/db/TokenCache/tokens/

Instructions "borrowed" from this page



If you are still having problems, contact us



The four current CAC "models" are:  "GEMALTO TOP DL GX4 144",  "GEMALTO DLGX4-A 144", "G&D FIPS 201 SCE 3.2," and Oberthur ID One 128 v5.5 Dual."

If you have any other CAC, you need to replace it before proceeding


You can verify by looking on the back of your ID card above the black magnetic strip for either of these: 


Gemalto 144 CAC image GemaltoDLGX4-A 144 image G&D FIPS 201 SCE 3.2 image Oberthur 5.5 CAC image


You may also visit the individual pages for each version of OS X supported via this website:


El Capitan - 10.11.x

Yosemite - 10.10.5

Mavericks - 10.9.5

Mountain Lion - 10.8.5

Lion - 10.7.5

Snow Leopard - 10.6.8

Leopard - 10.5.8

Tiger - 10.4.11


If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?



ACRONYM Reference Page


GoDaddy Site Certified seal


Last Update or Review:  Thursday, 12 November 2015 22:33 hrs


The following domain names all resolve to the same website:,,,, and