SCR CAC reader for Leopard

monolith1 has the right idea. If you are trying to get into AKO I have a solution.
1. do the same for monolith1's thing just when you to the New ID Preference put in "https://akocac.us.army.mil/" .
2. then setup a bookmark in Safari with this address "https://akocac.us.army.mil/"
3. when you select bookmark, it should ask you for your PIN.
4. It will then take you to the AKO homepage. just click the CAC login any it should log you in like normal.

P.S.
few things to keep in mind.
-if you logout you need to close safari then pull out the card and put back in. then start from step 3 again.

Just got back from looong trip, and am back trying to get access via CAC. Thanks for the advice, bajadaddy and Monolith1, buuut...

First of all, I went ahead and got an Air anyway. That means I have a NATIVE Leopard machine, with no "Previous System" files.

Monolith1 solution:
Although my SCR331 starts flashing when I put the CAC in it, I don't see any CAC keychain in the left column of the Keychain Access window; just System, Login and System Roots.

bajadaddy solution:
Nor did a Finder search of my Air find anything labeled X509. Went to my Wife's PPC-based iMac, now at 10.5.3 but started with OS9. It DOES have those files, but only in "Previous System 1" and "Previous System 2" files.

Any ideas?

Hey,

Thanks, this worked for me for the most part. Actually I was only able to get the Identity Preference on one of the certificates (it just happened that it was the right one)

The keychain crashes every time I try and do anything with the CAC certificates or Private Keys. I have to force quit to get out of the keychain.

Any thoughts?

This all seems like it would work fine if I could even see my CAC card register in Keychain Access. It worked fine and Keychain would pick up my CAC card and certs prior to upgrade to Leopard. Yet, since the, I cannot see my cac card recognized by Keychain access. I have enabled the X508 Anchor certs since then and this does not fix my access issue. Can someone please help? I am running Safari 3.1.2 and MAC OS X 10.5.4. Any help getting my MAC to recognize my reader and let me access my webmail would be great.

Desperate!

Like you, I also have a "native Leopard" machine with no x509 files anywhere on the disk, so I did not go the route that bajadaddy did.

Unfortunately, I can't offer suggestions to resolve Keychain not recognizing your reader.

Have you "upgraded" to 10.5.4 on your Air yet?

For those of you running 10.5.4 and searching for the X509 files, evidently 10.5.4 has replaced them with the default "login.keychain" file. Make sure those are added to both your "System" and "login" lists under Edit>Keychain Lists and make sure both "shared" boxes are checked.

Worked for me. The only annoyance is Safari's inability to cleanly logout or timeout from webmail. Safari has to be shut down to log back in.

Almost there.....

Yes, I upgraded to 10.5.4 on my Air. I'm a sucker for anything with "improve security" and "improve reliability." It seems a lot slower now, at pretty much everything.

I tried the other recommendation that just came in from (sorry, I don't remember your user name, and can't go back into the session to get it while I'm posting a response,) and copied my personal, intermediate and root CAC keys over into the system keychain as well. No joy. I think you have it - My keychain doesn't see my CAC reader.

This is the stupidest thing in history but it worked. I followed the directions above to add X509Anchors then set a preference to the website.

I was typing in

https://webmail.nmci.usmc.mil/exchange/

after messing around for about an hour I tried setting the preference to this

https://webmail.nmci.usmc.mil/

BINGO! Removing exchange worked and I can access my email from home again.

Now if I could only access my stupid MobileMe email from my NMCI computer that tells me I need Firefox or Safari on a computer I can't administer.

John

I have OS X 10.5.4 and a CAC that is version 6.1 I think. The CAC works fine on my windows PC, but I would like to use it on my iMac. When I plug the reader in, the CAC does not appear in the keychain access program. When I plug the reader in I get a solid light and when I insert my ID, the light stays solid, so I am assuming that my iMac is not seeing the CAC. I can't find the x509 anchors, but did make sure that my logins were "shared" under keychain access.

How do I get my iMac to see my reader so that I can follow the steps above to use the CAC?

Elaine

Elaine,

Ensure you follow the directions for importing X509 Anchors posted by Bajadaddy on 03 July. The path for the X509 anchors in Leopard is /System/Library/Keychains/X509Anchors. Follow his posted steps on importing to your keychain.

NOTE: I experienced the same situation with my SCR331 after installing the SCM Microsystem's supplied driver. If you installed a 3rd party driver for your SCR card reader, I recommend removing it, rebooting your Mac, import the X509 Anchors, and see whether your CAC and reader are shown in Keychain Access. Be sure to insert the CAC slowly, and push the card firmly into the slot. Within a second, the green LED should start blinking, and you'll see the CAC reader in Keychain.

Apple has confirmed to me that their engineers are aware of the continuing CAC support issues with Leopard 10.5.4 (despite the recent bug fixes).

Jeff

Jeff,

I got the x509 anchors in the keychains now. I downloaded libusb, pcsc lite, and the scmccid files and ran their installs and then rebooted. But, my CAC still does not show up in my keychain access. What am I doing wrong?

bajadaddy, your instructions worked GREAT for AKO CAC login. Unfortunately it doesn't work with my OWA exchange site (https://owa.mi.army.mil/exhange/) for some odd reason. Is there additional steps for this to work with an OWA server?

Check under:
* SYSTEM / Library / Keychains*

I've been following along with this post trying to get my CAC reader to work. I recently made the switch from pc to mac so I'm not all that savy with it. I updated the firmware in my SCR331 to V5.18 and downloaded the newest driver. The computer recognizes my reader but when I put my card in all I get is a flashing green light. After running pcsctest is tells me the card is unsresponsive (however it works on a pc). Any ideas?

I read all the postings. I was able to follow the directions and fix the problem. I can now get access to OWA for my email.

Under my CAC card in keychain I right cliked (control-click) and then added the https://mail.fe.navy.mil for the address. It shows up in your login. Just scroll down and it will be listed alphabetically https:....

That still did not do it. Then in went into system/library/keychains and copied the X509 file. I then went to library/keychains and pasted the file there. I then restarted the computer. I logged in the first time and it asked me to choose a certificate and I chose one of the few selected.

It then prompted me for my CAC password. It worked. I tried it a few times.

I still cant get into flight weather briefer. https://fwb.metoc.navy.mil/fwb11/

So if anyone has any ideas, I am willing to give it a go.

It seems the main problems is having the webpage prompt your computer for a CAC password.