Search MilitaryCAC.com: Site Map

Verified and secure at:  https://MilitaryCAC.com Please this website with your friends and colleagues

ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, ChiefGeek.us, MilitaryCAC.info, MilitaryCAC.us, MilitaryCAC.org, MilitaryCAC.net, & MilitaryCAC.mobi

The Definitive Source for Everything CAC

  CAC (Common Access Card) help for your personal computer

FIREFOX INFORMATION PAGE 2

You can use your CAC with Firefox 

I received this via email on 20 October and felt it may be useful.

  As there are thousands upon thousands of Firefox users worldwide, many of whom use the AKO/DKO portal, I thought it may be of use to describe how one might utilize Firefox to access the AKO/DKO portal with a CAC.

  As you are aware, the AKO/DKO portal is not currently designed with Firefox in mind, but is instead coded specifically for use on Internet Explorer--and even more specifically only versions 6 and 7 of Internet Explorer. Firefox, while able to accurately and effectively display approximately 95% of the pages out on the internet, does have issues properly passing CAC credentials to the AKO/DKO portal for authentication. Fortunately, this can be fairly easily resolved. Now, before we begin, I will assume that you are planning to use Firefox on a Windows machine. My tests were done on Windows 7 RC1, so the same directions will apply to Windows Vista and will work just as well on Windows XP.

  First, you will need to have Firefox installed. At the time of this writing, the most recent version of Firefox is 3.5.2, and the directions that follow are based on that version, however, the same procedures (with minimal difference) should work just fine for most older versions of Firefox back through 3.0.9 or so, though, if you have an older version I do recommend upgrading to a more recent Firefox for security reasons, as well as to get the latest compatibility.

  Second, you will need to have a version of ActivClient installed. You can download a free, home-use version of ActivClient from AKO/DKO as well as numerous other places. Where and how you acquire it is entirely up to you, just be certain you are using an up-to-date version. The version utilized for these instructions is ActivClient 6.1.

  Lastly, you will need to have a CAC (SmartCard) reader connected to your machine with the correct drivers installed. Some of the most common readers are by SCM Microsystems (http://scmmicro.com) and Gemalto (http://support.gemalto.com), and the drivers for their card readers can be downloaded for free from their respective websites. The reader I am using is by SCM (SCR331 USB).

  Now that you have all the software and hardware properly installed, begin by opening Firefox. On the menu bar, click "Tools", then "Options..."

  The "Options" window opens. Across the top you will see the various areas of Firefox that can be configured, we are concerned with the "Advanced" tab right now.

  On the "Advanced" tab you will see 4 sub-tabs (General, Network, Update, and Encryption). Select the "Encryption" tab. At this time, you'll want to first make sure that "Use SSL 3.0" and "Use TLS 1.0" are both checked. Also select the radio button for "Ask me every time" to make Firefox ask you to select the appropriate certificate when a server (website) asks for one.

  Click the "Security Devices" button and the "Device Manager" window will open. On the right side of the Device Manager window, click the "Load" button. For the "Module Name", you can enter any name you would like to identify your CAC reader. For mine, I entered "CAC Reader". Click the "Browse..." button to select the DLL file that Firefox needs in order to communicate with ActivClient and pass your CAC credentials to websites properly. You will need to browse to:   C:\Windows\System32

  In that folder, select the file "acpkcs201.dll". Click "OK" and your CAC reader will be linked with Firefox. At this point, if you have not done so already, open ActivClient and make your certificates available to Windows. To do this, insert your CAC into the reader and open ActivClient (most easily done by double clicking on the ActivClient icon in the system tray at the bottom right of your screen). In ActivClient, click "Tools", then click "Advanced...", and select "Make certificates available to Windows". You can now close ActivClient.

  With that done, we now need to make sure Firefox sees the certificates as well. Close the "Device Manager" window, and click on the "View Certificates" button of the "Options" window. With your CAC still in the reader, you should now see your certificates on the "Your Certificates" tab of the "Certificates Manager" window. If you don't see your certificates here, something is not correct. Go back and ensure that you have followed all the instructions and that you have your CAC reader drivers properly installed. If ActivClient cannot see your certificates, neither can Windows, Internet Explorer, or Firefox.

  If Firefox is still not seeing your certificates, you can try re-loading the security device module for the CAC reader, but select "acpkcs211.dll" or "acpkcs201-en6.dll" as the module file name instead of "acpkcs201.dll".