Well I got good news and I'm-getting-closer-but-not-quite-there news.
Good news is that I got OWA email to work. I have taken a multitude of ideas from repeated google searches of such combinations as smartcard, cac, mac, etc.
1) Obviously have the correct firmware (I'm using SCR331 v5.25), nuff said
2) "Remove cached CAC credentials" through the "terminal" application (instructions here
http://cisr.nps.edu/downloads/npscs_06009.pdf). I have done this multiple times and it did not work because I created the "tokens-old" directory once and I did not delete it (which is slow for someone with a very basic UNIX understanding. If anyone has a quicker way, do share). I guess you could create a "tokens-old2" and that would suffice. As long as you create a new directory called "tokens"
3) Identity preferences. For email I have 2 preferences, both of which end with a slash
https://owa.base.af.mil/
https://owa.base.af.mil/exchange/
For the ceritificate I use the non-email one (i.e. DOD CA-12). Obviously all your certificates need to have a green check mark and "This certificate is valid". Also I copied all my certs to the "login" keychain, but this may not have been needed.
4) Go to Keychain preferences, go to the third tab "Certificates". OCSP and CRL should be "off" and priority should be shaded dark.
5) I fixed my "certificates have been revoked" by getting my CAC reset at the MPF. Turns out my email was not loaded correctly (my middle initial is included in my email). This will not affect most folks, but every bit help.
Now the other news affects the Air Force Portal. I did all the above and was able to log into the portal ONCE. I have not been able to repeat. I have frequently repeated OWA.
Currently for the portal I get "The website "www.my.af.mil" did not accept the certificate Lastname.first.middle 123457895"
For identity preferences I use the same "DOD CA-12" non email one.
I have every possible identity loaded and have tried various combinations
https://www.my.af.mil/EAI_JUNCTION/eai/auth
https://www.my.af.mil/
https://www.my.af.mil/EAI_JUNCTION/eai/auth?refURL=https://www.my.af.mil/faf/FAF /fafHome.jsp
https://www.my.af.mil/EAI_JUNCTION/eai
https://www.my.af.mil/EAI_JUNCTION/eai/
If I delete the first 2, keychain/the portal automatically load them back in. I take that to mean they are needed.
I feel I am very close I just need another piece of the puzzle