Search MilitaryCAC:

Site Map

 

 MilitaryCAC.com logo

.com | .us | .ml  | .mobi | .net | .org

 

The Definitive Source for Everything CAC

  Common Access Card help for your

Personal Mac Computer

Also available at:

https://MilitaryCAC.com

Please ShareThis website with your friends and colleagues

Make a Donation button image

 

 

 

 

APPLE COMPUTER - HOW TO CLEAR THE LOGIN SECTION OF KEYCHAIN

 

 

If you have problems accessing websites with your CAC please try the following ideas. 

 

Ideas 1-3 are for Safari users

Firefox users go here

 

 

   

Idea #1:  Manually delete the websites you are having problems accessing.

This also helps if you lost access [for no apparent reason] to any sites you use your CAC on.

 

Step 1-1:  Click: Go (top of screen), Utilities, double click Keychain Access.app 

 

(You can also type: keychain access using Spotlight (this is my preferred method))

Typing Keychain Access into Spotlight 

Step 1-2: Select login (under Keychains), and All Items (under Category) see image below.  You will see all items that are being saved in your Keychain Access.  These can include your Airport password for your home Wi-Fi network and / or CAC websites / Identity preferences that you have visited and used your CAC on previously.   

Step 1-3:  Click the column heading titled Kind, scroll down to Identity preference, Delete all CAC enabled websites you are having problems accessing.  You can hold your control key and click your single button Mac mouse and select Delete, or if you have a two button mouse right click and select Delete. 

Example of mail.mil entries to remove.  You will see something different than "mont." 

NOTE:  Yours will probably have a red circle with a white X access denied image

Items to remove in keychain image

 

 

Some of the same "bad certs" that have caused problems for Windows users are now showing up in the keychain access section on Macs.

 

image   DoD Interoperability Root CA 1   certificate
image   DoD Root CA 2   certificate
image   SHA-1 Federal Root CA   certificate

 

  If you see them, delete them

Once these certs above are deleted, close keychain

Step 1-4:  Remove CAC from reader 

Step 1-5:  Clear your web browser history, then revisit the CAC website you were having problems accessing. 

Step 1-5a:  Click on the word Safari, followed by Clear History..

Safari Clear History

 

 

Step 1-5b:  Select all history in the Clear (dropdown box), and select the Clear History (button) select the Clear History (button)

Safari Clear History

 

 

Step 1-5c: Click the word Safari again, now Preferences...

Safari-Preferences

 

 

Step 1-5d:  Click the Privacy (tab), then Manage Website Data... (button)

Privacy - Manage Website Data...

 

 

Step 1-5e:  Type mail.mil [or other sites you are having problems accessing] into the search box (upper right side of active window)

Type in search box

 

 

Step 1-5f: Once the items populates in the window, select it / them, click Remove / Remove All, then Done to close the window

 

Select site Remove Done

 

 

Step 1-5g:  Reinsert your CAC in your reader and try accessing the CAC enabled website again.

NOTE:  If you accidently delete the login folder rather than the items inside it, you can restore it by navigating to /users/<username>/library/keychains/login.keychain and double clicking it.

Solution found at:  https://discussions.apple.com/thread/1948993?threadID=1948993

Idea #2: You may have a corrupt preference.

Open Safari,  click the word Safari, Reset Safari... this will clear out cached pages

Further ideas can be seen on Apple Support

 

Idea #3:  Clearing the old certificates (after receiving a new CAC)

 

The Mac OS will cache some information about your CAC in order to read the data faster the next time it's being used on your computer.  Sometimes this cache can cause issues after receiving a new ID card.  Thursby's suggestion is that you remove your card from the reader if its present, download the utility from the link below, then run the app for "if you have received a new card or new certs."  This will clear all of the token cache information by running a Terminal command.  Also, there will not be a completion dialog, and at most you may be prompted to type in your computer password.

Please run this utility and contact Thursby if you continue to have trouble.

https://www.thursby.com/forum/viewtopic.php?f=11&t=352

 

 

If you feel comfortable using command line, you can Run in Terminal.app:

sudo rm -rf /var/db/TokenCache/tokens/

Instructions "borrowed" from this page

.

 

Firefox does not use the keychain access, it stores the files within the web browser.  Here is how to clear them:

1. Select the 3 equal lines (upper right corner of your Firefox web browser).

2. Select:  Preferences

3. Select:  Advanced

4. Select:  Certificates

5. Select:  View Certificates

6. Select:  Servers

7. Scroll down to: U.S. Government

8. Select the certificates you want removed, then click Delete...

 

 

If you are still having problems, contact us

 

 

The five current CAC "models" are:  "GEMALTO TOP DL GX4 144",  "GEMALTO DLGX4-A 144", "Oberthur ID One 128 v5.5 Dual", "Oberthur ID One 128 v5.5a D", and

"G&D FIPS 201 SCE 3.2."

If you have any other CAC, you need to replace it before proceeding

 

You can verify by looking on the back of your ID card above the black magnetic strip for either of these: 

 

Gemalto 144 CAC image GemaltoDLGX4-A 144 image  Oberthur 5.5 CAC image Oberthur 5.5a CAC

G&D FIPS 201 SCE 3.2 image

You may also visit the individual pages for each version of OS X supported via this website:

 

Sierra 10.12.x
El Capitan 10.11.x
Yosemite 10.10.5
Mavericks 10.9.5
Mountain Lion 10.8.5
Lion 10.7.5
Snow Leopard 10.6.8
Leopard 10.5.8
Tiger 10.4.11

 

 
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?

Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Tuesday, 08 November 2016 21:47 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, ChiefGeek.us, and MilCAC.us