FIREFOX INFORMATION PAGE 2
You can use your CAC with Firefox
I received this information originally on 20 October 2009 and last updated it on 23 November 2012
As there are Firefox users worldwide, many of whom use AKO, a Soldier thought it may be of use to describe how one might utilize Firefox to access AKO with a CAC.
As you are aware, AKO is not currently designed with Firefox in mind, but is instead coded specifically for use on Internet Explorer--and even more specifically only versions 6, 7, & 8. Firefox, while able to accurately and effectively display approximately 95% of the pages on the internet, does have issues properly passing CAC credentials to CAC enabled websites for authentication. Fortunately, this can be fairly easily resolved. Now, before we begin, I will assume that you are planning to use Firefox on a Windows computer. My tests were done on Windows 7, so the same directions will apply to Windows Vista and will work just as well on Windows XP.
First, you will need to have Firefox installed, the same procedures (with minimal difference) should work just fine for most older versions of Firefox back through 3.0.9 or so, though, if you have an older version I do recommend upgrading to a more recent Firefox for security reasons, as well as to get the latest compatibility.
Second, you will need to have a version of ActivClient (or OpenSC) installed. Army users can download a free, home-use version of ActivClient from AKO, other branches of the military can also download ActivClient. Where and how you acquire it is entirely up to you, just be certain you are using an up-to-date version. The version utilized for these instructions is ActivClient 6.1, ActivClient 6.2 also works.
Lastly, you will need to have a CAC reader connected to your computer with the correct drivers installed. Some of the most common readers can be seen on the USB readers page and the drivers for the card readers can be downloaded there as well. The reader I am using is by SCR331, also tested with an SCR-3310 reader.
Now that you have all the software and hardware properly installed, begin by opening Firefox. Click the word Firefox with the down arrow next to it, Options, then Options again.
The "Options" window opens. Across the top you will see the various areas of Firefox that can be configured, we are concerned with the "Advanced" tab (gear).
On the "Advanced" tab (gear) you will see 4 tabs (General, Network, Update, and Encryption). Select the "Encryption" tab. Make sure "Use SSL 3.0" and "Use TLS 1.0" are both checked. Also select the radio button for "Ask me every time" to make Firefox ask you to select the appropriate certificate when a website asks for one.
Click the "Security Devices" (button), the "Device Manager" window will open. On the right side of the Device Manager window, click the "Load" (button). For the "Module Name", you can enter any name you would like to identify your CAC reader. For mine, I entered "CAC Reader." Click the "Browse..." button to select the DLL file that Firefox needs to be able to communicate with ActivClient and pass your CAC credentials to websites properly. You will need to browse to:
-ActivClient 6.2 on 32 bit computers: C:\ProgramFiles\ActivIdentity\ActivClient\acpkcs211.dll or acpkcs201-en6.dll
-ActivClient 6.2 on 64 bit computers: C:\ProgramFiles(x86)\ActivIdentity\ActivClient\acpkcs211.dll or C:\ProgramFiles\ActivIdentity\ActivClient\acpkcs211.dll
-ActivClient 6.1 computers: C:\Windows\System32\acpkcs211.dll or acpcks201-en6.dll
-OpenSC (32 bit) computers: C:\windows\system32\opensc-pkcs11.dll
With that done, we now need to make sure Firefox sees the certificates as well. Close the Device Manager window, and click on the View Certificates (button) in the "Options" window. With your CAC still in the reader, you should now see your certificates on the "Your Certificates" (tab) in the "Certificates Manager" window. If you don't see your certificates here, something is not correct. Go back and ensure that you have followed all the instructions above and that you have your CAC reader drivers properly installed. If ActivClient cannot see your certificates, neither can Windows, Internet Explorer, or Firefox.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Sunday, 15 February 2015 12:00 hrs
The following domain
names all resolve to the same website: ChiefsCACSite.com,
CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us