APPLE MACINTOSH COMPUTER SUPPORT PAGE for EL CAPITAN (currently 10.11.6)
El Capitan [10.11.x]
Released on 30 September 2015
If you've recently upgraded from any version of Mac OS X to 10.11.x (El Capitan)[and you were successfully using your CAC prior to the upgrade], you'll need to uninstall your CAC enabler, restart computer, then install a new El Capitan compatible CAC enabler from links at table 4 on the CAC Enablers page.
If you've just updated your Mac OS from 10.11.3 to 10.11.6 and your SCR 331, 3310, 3300v2, or 3500 model reader has stopped working, you may need to update the driver per https://forums.developer.apple.com/message/127598# You'll see in epeterso's 29 March reply where it has a link to the scmccid_mac_5.0.35.zip file
Some people have had to disable Apple's SIP (System Integrity Protection). SIP removes root rights to all system files. So, any driver not signed by Apple will not be allowed to install. To turn this off, please look here.
If you are planning on upgrading to El Capitan (10.11.x) from Mountain Lion (10.8.x), Lion (10.7.x) or Snow Leopard (10.6.x), you need to make sure your computer can support it. Apple states that IF your computer worked with Yosemite (10.10.x) or Mavericks (10.9.x), it will work with El Capitan. Read more at OS X Daily
If you are having DTS (Defense Travel System) problems with El Capitan, please look here
The following information is provided for your situational awareness while setting up the utilization of your CAC on your Mac. It is updated as additional information is available and your input is appreciated for solutions not outlined here. Installation instructions can be found here.
NOTICE: The links to vendors / products is an attempt to save you time searching for the specific item, by linking you directly to the item shown. You will notice I have multiple [when I can find] vendors to choose from. I have no personal preference as to who you decide to purchase from. I am not endorsing any particular product, I'm merely letting you know what works and where you can get it from.
Windows on your Mac: We know you have made a conscious decision to “be a Mac,” but the Government / Microsoft have not. DTS and signing forms used to only be available to Windows users, but are now available on Macs. The last item you cannot do on a Mac is digitally encrypt and / or decrypt emails in OWA. To do this, you'll need to use Windows through a Virtual Machine, such as Parallels (discounted prices), VMware Fusion (Parallels vs. VMware comparison), or VirtualBox or through Apple’s native Boot Camp (alternate guide). This will require you to have a licensed copy of Microsoft Windows, install the DoD certificates, and make sure your Internet Explorer web browser is configured correctly. With these programs, you can install the S/MIME control software within your web browser. The benefit of the Virtual Machines over Boot Camp is that it will allow you to run Windows as an additional program (without restarting your computer) and keep OS X running the entire time.
Discounted prices on the programs mentioned below can be viewed here
NOTE: If your CAC reader is not being recognized by your virtual Windows, follow this guidance:
VMware Fusion: From the menu bar, select Virtual Machine, then USB. Find your CAC reader and select it.
Parallels Desktop - (In Coherent mode): Click the red parallel lines in the menu bar, Select Devices, USB, find your CAC reader and select it.
Parallels Desktop - (Not in Coherent mode): Simply plug your reader into the computer and select whether you want to use it in Mac or Windows. You may also need to click the word Devices in the top row, USB, then your CAC reader.
VirtualBox: Click the word Devices (at the top of the screen), then USB Devices, and select your CAC reader. When you want to use it on your Mac, go to the same location and remove the checkmark. If you receive an error message when trying to select the reader here follow these instructions:
* In the VirtualBox GUI, click on USB (small icon in
the list of devices).
DTS (Defense Travel System) See the DTS specific page for support
CAC Readers: With a variety of CAC readers available today there are also a variety of issues. The SCR series of CAC readers work very well. The SCR-331 reader may need a Firmware Update. See several different models of USB CAC readers here. You will see a small note on some of the readers to show you how to make them compatible with your Mac. Here is a web page that lists all known CAC readers and whether they are supported, should work, or unsupported with the Mac OS'.
HQDA Citrix access information for your Mac How to guide
DoD Root certificates on your Mac only go up to the CA on your CAC, so, if your CAC has a CA below 32 you need to install the CAs from your CAC CA to 32 and CA Email to 32. You can download the AllCerts.zip file, then double click the individual certificates you need in the folder.
Outlook Web Access / App (OWA): The use of OWA on Mac sometimes times out. Beware that when using OWA on your Mac if you are inactive on the primary window, for example: the Inbox, while replying to an email, the browser may time out. On a Windows computer ActivClient (middleware) software maintains communications with the server and re-requests validation of your credentials. On a Mac this is not so, Safari will respond to a direct request for validation of your credentials, however it will not re-request that you verify as the server requires. Be sure that prior to selecting the Send button that you copy your work to the clipboard as you will most likely have to restart Safari and log back in. You also will not be able to digitally sign / encrypt / decrypt emails since the S/MIME software is proprietary for Microsoft Internet Explorer (32 bit) only, therefore, it doesn't exist for a Mac.
Internet Explorer Emulation (NOT applicable to OWA): If you visit a website with your Mac that states it can only be accessed via Internet Explorer, or some web pages simply won't work while using your CAC with Safari, try this: Open Safari, Click on the word Safari (in the bar at the top), select Preferences..., Advanced, click the Show Develop menu in the menu bar box. Close Advanced screen. Now to emulate IE, click on the word Develop (at the top), click User Agent, then choose Internet Explorer 9, 10, or 11.
Air Force Users look here for some helpful information
Navy Users look here for some specific information
Sierra (10.12.x) users, utilize the Sierra support page
Yosemite (10.10.x) users, utilize the Yosemite support page
Mavericks (10.9.x) users, utilize the Mavericks support page
Mountain Lion(10.8.x) users, utilize the Mountain Lion support page
Lion (10.7.x) users, utilize the Lion support page
Snow Leopard (10.6.x) users, utilize the Snow Leopard support page
Leopard (10.5.x) users, utilize the Leopard support page
Tiger(10.4.x) users, utilize the Tiger support page
OS X 10.11.x (El Capitan) introduced a new feature called SIP which removed root rights to all system files. This means any driver not signed by Apple can not be installed.
IF you need to disable this "feature" here's how:
1. Reboot the Mac and hold down <Command> + <R> keys simultaneously after you hear the startup chime, this will boot OS X El Capitan into Recovery Mode.
2. When the "OS X Utilities" screen appears, click on "Utilities" menu at the top of the screen, and choose "Terminal."
3. Type the following command into the Terminal then hit return: csrutil disable; reboot
4. Your computer will restart immediately
You can now install the CAC reader driver(s)
If you'd like to turn SIP back on after installing your driver, repeat the steps above, but use: csrutil enable; reboot instead
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Monday, 24 October 2016 19:26 hrs
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us