APPLE MACINTOSH CAC ENABLER (aka MIDDLEWARE) PAGE
Follow Tables 1 through 4 below:
PLEASE READ the preliminary notes before you start:
Preliminary Information 1: Restart your computer after installing the CAC enabler before trying to access the CAC enabled site
Preliminary Information 2: Installing multiple enabling programs will cause your system to NOT work. Here's how to uninstall CAC enablers.
Preliminary Information 3: Some of the CAC enablers below will ask for a "keychain password." It is really asking for your CAC PIN. Make sure if it asks for your Keychain password after you select your CAC certificate, that you use your CAC [6-8 digit / all number] PIN.
If you block your CAC, you'll have to visit an ID card office to get it unblocked. PKard and Centrify are two program listed below that have the capability to show you when your CAC is blocked. The other enablers do not have this capability.
Table 1: See which CAC enabling program will work with your version of Mac OS
Once you've decided, go to Table 2
Note2: Need version 1.7 (or higher)
Note3: Need version 5.3.3
Note4: Need version 0.7.8
Note5: Apple appears to be trying to be like Microsoft where 3rd party CAC enablers are not needed. OS X 10.6.x was the last version of Mac OS that had built in ability. It only worked with certain CACs and certain CAC readers. A lot has changed in 6 years, there are more CAC models and LOT more CAC readers available on the market. As you look through the tables below the Sierra built in does not have some of the capabilities you had when using other enablers.
Table 2: Verify the CAC enabling program you selected above will work with your specific CAC.
Once you've decided, go to Table 3
Note1: I haven't tested the CAC yet with this enabler. If you have one and have successfully used your CAC with the question marked enabler above, please contact me
Note2: SmartCard Services for OS X 10.9.x will ONLY work with the Gemalto TOP DL GX4 144 & G&D FIPS 201 SCE 3.2 CACs. Oberthur 5.5 & Gemalto GX4-A 144 users need to utilize a different CAC enabler.
Table 3: Verify the CAC enabling program you selected in tables 1 & 2 are:
a. Compatible with Firefox (if you plan to use this web browser),
b. Will read your PIV cert (for Dual Persona users),
c. Will allow you to digitally sign PDFs,
d. Can show you when your CAC is blocked,
e. You want support from the vendor, or
f. You want to get it for free, or pay for it
Once you've decided, go to Table 4
and click the link to the CAC enabler you decided to use.
Note1: PIV cert has to already be exposed
Note2: Will see the PIV cert, but is unusable until properly exposed.
Note3: Will work with the paid version of Centrify Identity Service not the free version linked below
Table 4: Click link below for the CAC enabler you decided to use based on the criteria in tables 1-3 above
Specifics for the following versions of Mac OS can be found at these links:
The five (5) current CAC Types are...
Look at the back of your ID card (above the black strip) for one of the examples below. If you have any other version, you need to visit an ID card office and have it replaced. All CACs other than these shown below were to be replaced prior to 1 October 2012.
Find out how to flip card over video
Information / download links
Version 1.7 supports Mac OS Sierra (10.12.x) and below
Purchase PKard from Thursby Software
PKard demo (click Videos tab)
Thursby offers US phone, email, and forums support for the software they've been developing for over 10 years and is 100% made in the USA
If you have Centrify Express installed, you can see / verify if your CAC is blocked.
Select Go > Utilities > Centrify
Double click: SmartCardTool
Look under status for: Card is locked
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email lists?
Last Update or Review: Thursday, 25 May 2017 18:57
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us