Search MilitaryCAC:

Site Map

Please ShareThis website with your friends and colleagues

MilitaryCAC.com logo

.com | .us | .info | .ml  | .mobi | .net | .org


The Definitive Source for Everything CAC

Common Access Card help for your
P
ersonal Computer

Be notified of
page updates
It's private
Powered by:
ChangeDetection

 

Also available at:

https://MilitaryCAC.com

 

Make a Donation button image

  

 

 

 

 

 

YOU "CAN USE" YOUR CAC WITH WINDOWS 8 & 8.1

 

Installation Steps

Step 1: Obtain a CAC Reader
Step 2: CAC Reader driver / Video
Step 3: DoD Certificates / Video
Step 4: Coolkey, NOT ActivClient
Step 4a: DON'T Use ActivClient 6.2
Step 5: IE adjustments / Video
Log into a CAC enabled webpage now to test
Step 6: Lotus Forms / Video
Step 7: eSign / ApproveIt / Video

Information for Windows 8 upgraders using Parallels

 NOTICE:  Computers with Internet Explorer 11 (Window 8.1, 8, & 7) will have to add the OWA server [or any other websites that are not working] to the "Compatibility View Settings" by following slides 19 & 20 in this guide.  You might also need to reinstall the S/MIME control.  More information is available here on this subject.

To use DTS with Internet Explorer 11 on Windows 8.1, look here for instructions

You can use your CAC on Windows 8 / 8.1 without installing ActivClient unless you want to use Firefox.

People who have updated from Windows 8 to 8.1 (who were previously using ActivClient 6.2.0.x) will need to uninstall it, restart computer to be able to use your CAC now. 

NEWS: The latest patch (7.0.2.318) for ActivClient 7.0.2.25 (2A below)  is needed to use your CAC with Windows 8.1.  In my tests it will read, but you are still prompted for your PIN quite often.  I was also not able to read most emails, I could only see the header.  Google Chrome would open up all except the encrypted emails since S/MIME is not compatible with anything but Internet Explorer.

Some interesting Windows 8 informational links

NOTE:  One VERY Annoying problem with using the Windows 8 & 8.1 built in Smart Card Utility [even using ActivClient 7.0.1.x / 7.0.2.x] is when accessing Outlook Web App (OWA) aka web.mail.mil.  You may be prompted for your PIN constantly.  Windows 7 users had the option to install ActivClient 6.2.0.x to cache their PIN.  The current 6.2.0.x version of ActivClient does not work on [most people's] Windows 8 or 8.1 computers.  Both Smart Card Manager & CSSi did not experience this very annoying issue for me in my tests. (Smart Card Manager is not helping some Navy personnel with the annoying PIN prompt).  CSSi did require me to "activate" my CAC each time I inserted it into the reader.  See #2 below for links.

NOTE:  An individual emailed me stating that if you add the website you are having the constant PIN prompts from to the Intranet zone, the persistent PIN prompts went away.  Here's how: Open IE, click Tools, Internet Options, Security, Local Intranet, Sites, Advanced, now enter your webmail (or other CAC site) into it.  NOTE: This did not help in my tests.

 The basic CAC installation on Windows 8 is no different than it is for Windows 7, Vista, or XP, other than...

1When installing the eSign / ApproveIt software [Army users only].  The eSign / ApproveIt page has specifics.

2PLEASE KNOW:  Installing ActivClient 6.2.0.x or 6.1.x.x may make your CAC NOT work.  You "may" be able to use the Windows 8 or 8.1 built in Smart Card utility

2a. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 6.2.0.x] will need to uninstall it, restart computer to be able to use your CAC now.

2b. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 7.0.2.25] will need to update to 7.0.2.318 (download link)

 

NOTE:  "Some" people who have the Windows 8 BASIC edition [shows only as Windows 8] are unable to get it to work [I'm hearing of a few more each day that some people are having luck.  I have not figured why some work and some don't].  So, if it doesn't work for you, you have the following three solutions: 

        A.  Install ActivClient 7.0.2.xARMY users can download 7.0.2.25 and update from links here.  All other branches can purchase it from: SCB Solutions or TX Systems.

        B.  Install CSSi for Windows (available for purchase from SCB Solutions or TX Systems)  

        C.  Download Windows Installer Smart Card Manager-1.0.1-6-1.exe (5.67 MB). [Alternate download link].

Windows 8 uses Internet Explorer 10 or 11, Windows 8.1 uses IE 11.  The same problems we had with IE 9 have crossed over to IE 10 & 11 in regards to accessing some Government websites.  Follow this guide to remedy most of them.

3. Users who are still using Outlook Web Access 2003 may see this message below when trying to check their email in IE 10 & 11(this affects Windows 7, 8, & 8.1 users):

OWA2003IE10 image

Here is what it says (if you really wanted to know :)

OWA2003IE image text

Internet Explorer 10 & 11 are not compatible with Outlook Web Access 2003.  You can however, use Compatibility view by clicking the little 'torn paper' icon (IE 10) in the web address line.  IE 11 users, look at slide 19 in this guide.

Compatibility view image

 

4. Users who are using Kaspersky [antivirus] and trying to get to DTS may have issues.  Read more here

"This is a known issue with Java, Windows 8 and Kaspersky [antivirus].  Kaspersky is working on an automated fix, but for now try this workaround:

Open Kaspersky 2013
Click Settings
Click Application control
Click Applications
Look for Oracle America (this is the Java and it should be trusted already)
Open each item in that folder using double click
Under the tab Exclusions check all 5 checkboxes and click OK"

A person reported that he also had to exclude all of the Java Platform SE binary entries under the Oracle "+" button as well.

 

5. Windows RT users cannot install the DoD certificates by using the InstallRoot file.  You have a different way of installing the DoD certificates, which are currently Certificate Authority (CAs) 19-32.

Right Click this link DoDRootCA19-32.p7b and select "Save Target As," save to your desktop.  Right click the "DoDRootCA19-32.p7b" file and select: "Install Certificate," Next, Next, Finish, OK.

The DISA download link below only has CAs 19-30, which means it is missing CAs 31 & 32.  So, if your CAC has 31 or 32, you need the file above.

 Download rel3_dodroot_2048.p7b (from http://dodpki.c3pki.chamb.disa.mil/rootca.html (only accessible from an older web browser, meaning IE 11 cannot access this page))

new imageFollow this guide to clear the certificates manually since you cannot run teh Cross Cert Removal Tool.

 

6.  During the install process, ActivClient 7.0.2.x needs to stop and restart the Certification Propagation Service, but fails to do so.  The install hangs with an "Error stopping certpropsvc" and then a Retry or Cancel window.  This service MUST be stopped in order for the installation to continue.  Trying to manually stop the service using the services.msc window does not work (something about the service not responding in a timely manner).

Determined to find a workaround, One person looked up the certpropsvc location in the Registry and found it located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc. He changed the Start value to 4 which effectively Disabled the service, but not until the machine was restarted.

After a reboot, the .msi package installed perfectly.  He didn't have to go back and undo the Registry changes because the install package fixed it automatically.

 

Please look on the back of your CAC (above the black magnetic strip), you will see: "GEMALTO TOP DLGX4 144", "GEMALTO DLGX4-A 144", "Oberthur ID One 128 v5.5 Dual", or "G&D FIPS 201 SCE 3.2" (see examples below).  Since Windows 8 has a built in Smart Card utility, you "may" be able to use your CAC without the need of ActivClient.

Another guide to help figure out which CAC you have

image of 144 CAC GemaltoDLGX4-A 144 imageOberther 5.5 CAC image G&D FIPS 201 SCE 3.2

Which CAC do I have video

Read more about the older CACs and replacing them

 

If you have questions or suggestions for this site, contact Michael J. Danberry

Are you interested in subscribing to the CACNews email list?

Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Tuesday, 14 October 2014 17:35 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us