MOST PEOPLE ARE ABLE TO USE THEIR CAC WITH WINDOWS 8 / 8.1
Utilizing your CAC on Windows 8.1 "can" be as easy as...
To use DTS with Internet Explorer 11 on Windows 8.1, look here for instructions
People who have updated from Windows 8 to 8.1 (who were previously using ActivClient 6.2.0.x) will need to uninstall it, restart computer to be able to use your CAC now.
NEWS: The latest patch at or above (18.104.22.1688) for ActivClient 22.214.171.124 (below) is needed to use your CAC with Windows 8.1. In my tests it will read, but you are still prompted for your PIN quite often. I was also not able to read most emails, I could only see the header. Google Chrome would open up all except the encrypted emails since S/MIME is not compatible with any web browser other than Internet Explorer.
NOTE: One VERY Annoying issue when using the Windows 8 & 8.1 built in Smart Card Utility [even using ActivClient 7.0.1.x / 7.0.2.x] is when accessing Outlook Web App (OWA) aka web.mail.mil. You may be prompted for your PIN constantly. Windows 7 users had the option to install ActivClient 6.2.0.x to cache their PIN. The current 6.2.0.x version of ActivClient does not work on [most people's] Windows 8 or 8.1 computers. Both Smart Card Manager & CSSi did not experience this very annoying issue for me in my tests. (Smart Card Manager is not helping some Navy personnel with the annoying PIN prompt). CSSi did require me to "activate" my CAC each time I inserted it into the reader. See below for links.
NOTE: An individual emailed me stating that if you add the website you are having the constant PIN prompts from to the Intranet zone, the persistent PIN prompts went away. Here's how: Open IE, click Tools, Internet Options, Security, Local Intranet, Sites, Advanced, now enter your webmail (or other CAC site) into it. NOTE: This did not help in my tests.
The basic CAC installation on Windows 8 / 8.1 is no different than it is for Windows 7, or Vista, other than...
1a. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 6.2.0.x] will need to uninstall it, restart computer to be able to use your CAC.
1b. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 126.96.36.199] will need to update to 188.8.131.528 (download link)
NOTE: "Some" people who have the Windows 8 / 8.1 BASIC edition [shows only as Windows 8 / 8.1] are unable to get it to work [I'm hearing of a few more each day that some people are having luck. I have not figured why some work and some don't]. So, if it doesn't work for you, you have the following three solutions:
A. Install ActivClient 7.0.2.x: ARMY users can download 184.108.40.206 and update from links here and then update to 220.127.116.118 or higher. All other branches can purchase it from: SCB Solutions or TX Systems.
Windows 8 uses Internet Explorer 10 or 11, Windows 8.1 uses IE 11. The same problems we had with IE 9 have continued with IE 10 & 11 in regards to accessing some Government websites. Follow this guide to remedy most of them.
2. Users who are still using Outlook Web Access 2003 may see this message when trying to check their email in IE 10 & 11(this affects Windows 10, 8.1, 8, & 7 users):
Here is what it says (if you really wanted to know :)
Internet Explorer 10 & 11 are not compatible with Outlook Web Access 2003. You can use Compatibility view by clicking the 'torn paper' icon (IE 10) in the web address line. IE 11 users, look at slide 20 in this guide.
3. Users who are using Kaspersky [antivirus] and trying to get to DTS may have issues. Read more here
"This is a known issue with Java, Windows 8 and Kaspersky [antivirus].
Kaspersky is working on an automated fix, but for now try this
4. Windows RT users cannot install the DoD certificates by using the InstallRoot file. You have a different way of installing the DoD certificates, which are currently Certificate Authority (CAs) 27-46.
Right Click this link DoDRootCA25-46.p7b and select "Save Target As," save to your desktop. Right click the "DoDRootCA25-46.p7b" file and select: "Install Certificate," Next, Next, Finish, OK.
The DISA download link below only has CAs 19-30, which means it is missing CAs 31-46. So, if your CAC has 31 or higher, you need the file above.
Go to: http://dodpki.c3pki.chamb.disa.mil/rootca.html (you will need to add 'disa.mil' to Compatibility View Settings in IE 11 to access the page)) Download the file titled: Download_Root_CA_2_Certificate follow on screen instructions
You also need to download this file: Right Click this link DoDRoot2-x3.p7b and select "Save Target As," save to your desktop. Right click the "DoDRoot2-x3.p7b" file and select: "Install Certificate," Next, "Place all certificates in the following store," then "Browse...", select "Trusted Root Certification Authorities," then OK, Next, Finish, OK.
NOTE: If you receive the message "There is a problem with this website's security certificate." follow this guide
NOTE2: Follow this guide to clear the certificates manually since you cannot run the Cross Cert Removal Tool (only written for regular Windows).
During the install process, ActivClient 7.0.2.x needs to stop and restart
the Certification Propagation Service, but fails to do so. The install hangs
with an "Error stopping certpropsvc" and then a Retry or Cancel window.
This service MUST be stopped in order for the installation to
continue. Trying to manually stop the service using the services.msc window
does not work (something about the service not responding in a timely
You need to have one of these four CACs: "GEMALTO TOP DL GX4 144," "GEMALTO DLGX4-A 144," "Oberthur ID One 128 v5.5 Dual," or "G&D FIPS 201 SCE 3.2" (see examples below) to use your CAC without the need of ActivClient.
Which CAC do I have video
Read more about the older CACs and replacing them
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Thursday, 21 April 2016 15:39 hrs
The following domain
names all resolve to the same website: ChiefsCACSite.com,
CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us