My latest challenges are: 1) getting Outlook Web Access (OWA) into the e-mail servers for the Joint Staff, and 2) Registering my new CAC with AF Portal, as my new CAC certificates are not registered/recognized.
Setting "New Identity Preference" (from the "File" menu) for your CAC certificates is part of the battle. As other posts have noted, of the three certificates on a DoD CAC, one includes an Identity key, an E-mail Signing Key, and an E-mail Encryption key. My IT contractors at work advise me OWA requires an identity preference mated to the the E-mail signing key.
Another discovery: a previous post correctly noted the need for very accurate URL identification when creating an identity preference. Something I found helpful: creating an identity preference for "*.mil" , that is, making the URL read *.mil/(whatever) . The asterisk in the character string seems to work as you would hope/expect.
In order to get onto my OWA, I created an identity preference for the basic website (
https://owa.js.mil), and then one for the popup address that follows (
https://owa.js.mil/DODwarning). Along with a preference for *.mil, I can get about halfway there - the CAC is accessed, and I am prompted for my CAC password - but I am not sure the website actually responds, as I get an error message after the CAC is accepted:
"Safari can’t open the page “
https://owa.js.mil/DODwarning/” because the server unexpectedly dropped the connection. This sometimes occurs when the server is busy. Wait for a few minutes, and then try again."
The suggested fix is to reset Safari - this has not resolved the issue. Monday, I will ask the IT folks if I have been able to access the server at all thus far, but if anyone knows how to get past the latest Safari warning, I will be grateful.
Regarding 2): AF Portal can be accessed by CAC, only if your CAC has been registered with Portal ahead of time. Although I could get to Portal with a username/password, Gunter Annex could not help register my CAC from within Portal. I will go back to work, register the card again, and see if it works from home.