APPLE MACINTOSH COMPUTER SUPPORT PAGE for SIERRA (currently 10.12.2)
Released on 20 September 2016
CACkey, PKard, & Centrify Express are the only reported CAC enablers that will work with Mac OS Sierra.
PKard needs version 1.7 (or higher), &
The following information is provided for your situational awareness while setting up the utilization of your CAC on your Mac. It is updated as additional information is available and your input is appreciated for solutions not outlined here. Installation instructions can be found here.
NOTICE: The links to vendors / products is an attempt to save you time searching for the specific item, by linking you directly to the item shown. You will notice I have multiple [when I can find] vendors to choose from. I have no personal preference as to who you decide to purchase from. I am not endorsing any particular product, I'm merely letting you know what works and where you can get it from.
Windows on your Mac: We know you have made a conscious decision to “be a Mac,” but the Government / Microsoft have not. DTS and signing forms used to only be available to Windows users, but are now available on Macs. The last item you cannot do on a Mac is digitally encrypt and / or decrypt emails in OWA. To do this, you'll need to use Windows through a Virtual Machine, such as Parallels (discounted prices), VMware Fusion (Parallels vs. VMware comparison), or VirtualBox or through Apple’s native Boot Camp (alternate guide). This will require you to have a licensed copy of Microsoft Windows, install the DoD certificates, and make sure your Internet Explorer web browser is configured correctly. With these programs, you can install the S/MIME control software within your web browser. The benefit of the Virtual Machines over Boot Camp is that it will allow you to run Windows as an additional program (without restarting your computer) and keep OS X running the entire time.
Discounted prices on the programs mentioned below can be viewed here
NOTE: If your CAC reader is not being recognized by your virtual Windows, follow this guidance:
VMware Fusion: From the menu bar, select Virtual Machine, then USB. Find your CAC reader and select it.
Parallels Desktop - (In Coherent mode): Click the red parallel lines in the menu bar, Select Devices, USB, find your CAC reader and select it.
Parallels Desktop - (Not in Coherent mode): Simply plug your reader into the computer and select whether you want to use it in Mac or Windows. You may also need to click the word Devices in the top row, USB, then your CAC reader.
VirtualBox: Click the word Devices (at the top of the screen), then USB Devices, and select your CAC reader. When you want to use it on your Mac, go to the same location and remove the checkmark. If you receive an error message when trying to select the reader here follow these instructions:
* In the VirtualBox GUI, click on USB (small icon in
the list of devices).
DTS (Defense Travel System) See the DTS specific page for support
CAC Readers: With a variety of CAC readers available today there are also a variety of issues. The SCR series of CAC readers work very well. The SCR-331 reader may need a Firmware Update. See several different models of USB CAC readers here. You will see a small note on some of the readers to show you how to make them compatible with your Mac. Here is a web page that lists all known CAC readers and whether they are supported, should work, or unsupported with the Mac OS'.
HQDA Citrix access information for your Mac How to guide
DoD Root certificates on your Mac only go up to the CA on your CAC, so, if your CAC has a CA below 32 you need to install the CAs from your CAC CA to 32 and CA Email to 32. Please follow installing DoD certificates from here.
Outlook Web Access / App (OWA): The use of OWA on Mac sometimes times out. Beware that when using OWA on your Mac if you are inactive on the primary window, for example: the Inbox, while replying to an email, the browser may time out. On a Windows computer ActivClient (middleware) software maintains communications with the server and re-requests validation of your credentials. On a Mac this is not so, Safari will respond to a direct request for validation of your credentials, however it will not re-request that you verify as the server requires. Be sure that prior to selecting the Send button that you copy your work to the clipboard as you will most likely have to restart Safari and log back in. You also will not be able to digitally sign / encrypt / decrypt emails since the S/MIME software is proprietary for Microsoft Internet Explorer (32 bit) only, therefore, it doesn't exist for a Mac.
Internet Explorer Emulation (NOT applicable to OWA): If you visit a website with your Mac that states it can only be accessed via Internet Explorer, or some web pages simply won't work while using your CAC with Safari, try this: Open Safari, Click on the word Safari (in the bar at the top), select Preferences..., Advanced, click the Show Develop menu in the menu bar box. Close Advanced screen. Now to emulate IE, click on the word Develop (at the top), click User Agent, then choose Internet Explorer 9, 10, or 11.
Air Force Users look here for some helpful information
Navy Users look here for some specific information
El Capitan (10.11.x) users, utilize the El Capitan support page
Yosemite (10.10.x) users, utilize the Yosemite support page
Mavericks (10.9.x) users, utilize the Mavericks support page
Mountain Lion(10.8.x) users, utilize the Mountain Lion support page
Lion (10.7.x) users, utilize the Lion support page
Snow Leopard (10.6.x) users, utilize the Snow Leopard support page
Leopard (10.5.x) users, utilize the Leopard support page
Tiger(10.4.x) users, utilize the Tiger support page
If you are still having problems, contact us.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Wednesday, 14 December 2016 19:58 hrs
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us