Search MilitaryCAC:

Site Map

MilitaryCAC.com logo

.com | .us | .ml  | .mobi | .net | .org


The Definitive Source for Everything CAC

Common Access Card help for your

Personal Linux Computer

Also available at:

https://MilitaryCAC.com

Please ShareThis website with your friends and colleagues

Make a Donation button image

 

 

 

LINUX SUPPORT PAGE

Linux logo

 

Linux support provided by Nathan Wolf

 

The following is a guide to assist in setting up your Linux computer to access CAC-enabled DoD websites from the general to the specific.

Install the middleware

The Linux CAC Reader stack is based on a set of middleware called PCSC (Personal Computer Smart Card), written by the MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) project.

 

Software packages

pcsc-lite - PCSC Smart Cards Library

pcsc-ccid - generic USB CCID (Chip/Smart Card Interface Devices) driver

            Note: Depending on your card reader you may need to install other drivers

perl-pcsc - Abstraction layer to smart card readers

pcsc-tools - Optional but highly recommended, these tools are used to test a PCSC driver, card and reader

The naming of this package / library name varies from one distribution to another depending on the package maintainer.  For example if you want to find the pcsc-lite package, enter into the search engine of your choice:

  pcsc lite yourdisribution

Replace yourdisribution with openSUSE, Fedora or Ubuntu; whatever you are running

 

PKCS #11 module

The original module to read PKCS #11 keys was 'Coolkey' which has been replaced by the currently required module 'CACkey', available from DISA's Linux development site: https://software.forge.mil/sf/frs/do/viewSummary/projects.community_cac/frs  (CAC Required link)

NOTE:  A computer with working CAC authentication is required for the download. 

Forge.mil hosts both CACkey and the DoD Configuration extension, but it also needs CAC authentication to download the packages.  Easiest may be to download all on a CAC enabled computer and then transfer to the Linux machine via thumb drive. From forge.mil download:

             The latest version of CACkey

             The latest version of the DoD Configuration extension for Firefox

Recommend these be stored on AKO Cloud, Dropbox, Google Drive, portable media, or other location to ensure continued access.

 

Configuring Firefox

Firefox requires a plug-in and some tweaking.

The plug-in is the aforementioned DoD Configuration extension for Firefox obtained from DISA

Once installed it may need configuring:

                Select from the menu, Tools > Add-ons

                Once the Add-ons page is loaded, Select Extensions > DOD Configuration [version] and click Preferences.

                Click the certificate buttons to update the certificate cache with the necessary DOD certificates, then click Redetect Smart Card Reader.

                If it fails to find the reader all is not lost--go to https://www.us.army.mil  or some other CAC-required site and give it a try--it often works.

If the CAC Module is not working:

                Select from the menu, Edit > Preferences > Advanced > Encryption > Security Devices

                Check the left column.  It should show an entry similar to "CAC Module" along with certificate(s) as a sub-item.  If it doesn't work then the entries are wrong.

                Select the entry and select Unload to remove the security device

                  ◦             To install / reinstall the CAC driver in Firefox using the above listed Security Devices

                Select Load on the dialog box

                Module name should be something like: DoD CAC

                Module filename: either type in or browse to the location of the libcackey.so drivers

                The files will be located under either: 

            /usr/lib/

            or

            /usr/lib64/

 

DTS

OpenJDK is not compatible with DBSign.  You will have to install Java from Oracle.  This varies from distribution to distribution.

See below for distribution specific information.

 

DoD Certificates

Available for Linux by visiting the DoD Class 3 PKI page on DISA.mil

 

External Links

Forge.mil

https://software.forge.mil/sf/frs/do/viewSummary/projects.community_cac/frs

Site contains CACkey   (Please know this link needs to be accessed from an already CAC enabled computer)

Firefox plug-in that allows you to digitally sign Gmail messages with a digital certificate from your CAC in the web interface:

https://addons.mozilla.org/en-US/firefox/addon/592

Debian

Linux Debian "Etch" using GemPlus

gemalto instructional PDF.  http://support.gemalto.com/fileadmin/user_upload/IAM/FAQ/How_to_install_the_PC-Link_reader_on_Linux.pdf

Fedora

ZXQ9.com instructions on using CAC with Linux

openSUSE

openSUSE Wiki DoD CAC Installation Guide

openSUSE 12.1 installation assistance

openSUSE Support Database Installing SDB:Installing Java

Linux Mint

"Olivia" installation guide  (provided by Tim Friend)
Linux Miint logo 

Linux Mint

"Petra" installation guide  (provided by Wayne Moore)
Linux Mint Petra image

Ubuntu

How to install PC-Link readers on Linux Ubuntu

Instructions for installing CAC on Ubuntu 13.04

Guide for Installing CAC on Ubuntu 12.04

Guide for Installing CAC on Ubuntu 11.04

Update to PDF immediately above regarding Ubuntu 11.10: Update about getting CACs to work on the new Ubuntu 11.10 as it is different than directions listed for Ubuntu 11.04.  In short, Coolkey will not work, CACKey must be downloaded from DISA source forge (CAC login only).  Second, the install would not work until I manually created the directory /usr/lib64 in the terminal

A good step by step (with pictures) guide for setting up CAC use on Fedora (13) & Ubuntu (10.4) Linux

Ubuntu forums for CAC support

Lotus Forms Viewer 8

Ubuntu forums website where you can read about configuration / utilization of your CAC.  Registration required

Other Useful Links

DBSign on Linux information

Lotus Forms installation into Linux information.

Pure Edge installation into Linux information

Please note: there is still NO way to digitally sign an XFDL form in Linux.

Office 2007 installation into Linux information

QWS3270 installation into Linux information

 

  

Some older links, that "may" help you:

There's a Firefox plug-in that allows you to digitally sign Gmail messages with a digital certificate from your CAC in the web interface:

https://addons.mozilla.org/en-US/firefox/addon/592

 

 

 Linux Debian "Etch" using GemPlus

 
Another Soldier used Ubuntu 8.04 (Hardy Heron) with Mozilla's Thunderbird for email.  He used Coolkey to get the CAC reader working with Firefox, then loaded Coolkeys pkcs module into Thunderbird.

 

 

Another Ubuntu forums website where you can read about configuration / utilization of your CAC. 
 
Using Linux with your CAC links on Google

 

Linux support provided by: Nathan Wolf

 

If you have questions or suggestions for this site, contact Michael J. Danberry

Are you interested in subscribing to the CACNews email list?

Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Friday, 13 May 2016 17:26 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us