APPLE MACINTOSH CAC ENABLER (aka MIDDLEWARE) PAGE
Follow Tables 1 through 4 below:
PLEASE READ the preliminary notes before you start:
Preliminary Information 1: Restart your computer after installing the CAC enabler before trying to access the CAC enabled site
Preliminary Information 2: Installing multiple enabling programs will cause your system to NOT work. Here's how to uninstall CAC enablers.
Preliminary Information 3: Some of the CAC enablers below will ask for a "keychain password" (like the image below). You need to enter your CAC PIN. Make sure if it asks for your Keychain password after you select your CAC certificate, that you use your CAC [6-8 digit / all number] PIN.
If you block your CAC, you'll have to visit an ID card office to get it unblocked. PKard and Centrify are two program listed below that have the capability to show you when your CAC is blocked. The other enablers do not have this capability.
Table 1: See which CAC enabling program will work with your version of Mac OS
Once you've decided, go to Table 2
Note2: Need version 1.7 (or higher)
Note3: Need version 5.3.3
Note4: Apple computers with Mac OS Mojave, High Sierra, and Sierra have a "built in Smart Card ability," meaning 3rd party CAC enablers "may" not be needed. You may be able to access some DoD sites, however, some Outlook Web App sites don't play well with it. Read here on how to disable the built in ability to use Centrify Express, CACKey, or PKard. This should also remove the duplicate certificates to choose from.
Note5: Please let me know if any of these enablers work for you.
Table 2: Verify the CAC enabling program you selected above will work with your specific CAC.
Once you've decided, go to Table 3
Note1: I haven't tested the CAC with this enabler. If you have one and have successfully used your CAC with the question marked enabler above, please contact me
Note2: SmartCard Services for OS X 10.9.x will ONLY work with the Gemalto TOP DL GX4 144 & G&D FIPS 201 SCE 3.2 CACs. Oberthur 5.5 & Gemalto GX4-A 144 users need to utilize a different CAC enabler.
Note3: Please let me know if any of these CACs work for you.
Table 3: Verify the CAC enabling program you selected in tables 1 & 2 is:
a. Compatible with Firefox (if you plan to use this web browser),
b. Will read your PIV cert (for Dual Persona users),
c. Will allow you to digitally sign PDFs,
d. Can show you when your CAC is blocked,
e. You want support from the vendor, or
f. You want it for free, or pay for it
Once you've decided, go to Table 4
and click the link to the CAC enabler you decided to use.
Note1: PIV cert has to already be exposed
Note2: Will see the PIV cert, but is unusable until properly exposed.
Note3: Will work with the paid version of Centrify Identity Service not the free version linked below
Note4: I am being told PKard will somehow read a PIV without it being exposed. This would mean that it would read everyone's PIV whether they needed it or not. Please let me know of your experience. This may seem this way as new CACs are now coming with the PIVs already exposed.
Table 4: Click link below for the CAC enabler you decided to use based on the criteria in tables 1-3 above
If you still have problems, here is a helpful Navy specific page
Specifics for the following versions of Mac OS can be found at these links:
The five (5) current CAC Types are...
Look at the back of your ID card (above the black strip) for one of the examples below. If you have any other version, you need to visit an ID card office and have it replaced. All CACs other than these shown below were to be replaced prior to 1 October 2012.
Find out how to flip card over video
Information / download links
Version 1.7 supports Mac OS High Sierra (10.13.x) down to and below
Purchase PKard from Thursby Software
PKard demo (click Videos tab)
Thursby offers US phone, email, and forums support for the software they've been developing for over 10 years and is 100% made in the USA
If you have Centrify Express installed, you can see / verify if your CAC is blocked.
Select Go > Utilities > Centrify
Double click: Smart Card Assistant
Look under status for: Card is locked
NOTE: If Card status is blank, the card is not blocked
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email lists?
Last Update or Review: Wednesday, 14 November 2018 18:53
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us