MOST PEOPLE ARE ABLE TO USE THEIR CAC WITH WINDOWS 8 / 8.1
Utilizing your CAC on Windows 8.1 "can" be as easy as...
To use DTS with Internet Explorer 11 on Windows 8.1, look here for instructions
People who have updated from Windows 8 to 8.1 (who were previously using ActivClient 6.2.0.x) will need to uninstall it, restart computer to be able to use your CAC now.
NEWS: The latest patch at or above (188.8.131.528) for ActivClient 184.108.40.206 (below) is needed to use your CAC with Windows 8.1. In my tests it will read, but you are still prompted for your PIN quite often. I was also not able to read most emails, I could only see the header. Google Chrome would open up all except the encrypted emails since S/MIME is not compatible with any web browser other than Internet Explorer.
NOTE: One VERY Annoying issue when using the Windows 8 & 8.1 built in Smart Card Utility [even using ActivClient 7.0.1.x / 7.0.2.x] is when accessing Outlook Web App (OWA) aka web.mail.mil. You may be prompted for your PIN constantly. Windows 7 users had the option to install ActivClient 6.2.0.x to cache their PIN. The current 6.2.0.x version of ActivClient does not work on [most people's] Windows 8 or 8.1 computers. Both Smart Card Manager & CSSi did not experience this very annoying issue for me in my tests. (Smart Card Manager is not helping some Navy personnel with the annoying PIN prompt). CSSi did require me to "activate" my CAC each time I inserted it into the reader. See below for links.
NOTE: Two individuals have emailed me stating that if you add the website you are having the constant PIN prompts to the Intranet zone, the persistent PIN prompts went away. Here's how: Open IE, click Tools, Internet Options, Security, Local Intranet, Sites, Advanced, enter your webmail (or other CAC site) into it. NOTE: This did not help in my tests.
The basic CAC installation on Windows 8 / 8.1 is no different than it is for Windows 7 other than...
1a. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 6.2.0.x] will need to uninstall it, restart computer to be able to use your CAC.
1b. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 220.127.116.11] should uninstall 7.0.2.x and then update to 18.104.22.168 (download link)
NOTE: "Some" people who have the Windows 8 / 8.1 BASIC edition [shows only as Windows 8 / 8.1] are unable to get it to work [I'm hearing of a few more each day that some people are having luck. I have not figured why some work and some don't]. So, if it doesn't work for you, you have the following three solutions:
Windows 8 uses Internet Explorer 10 or 11, Windows 8.1 uses IE 11. The same problems we had with IE 9 have continued with IE 10 & 11 in regards to accessing some Government websites. Follow this guide to remedy most of them.
2. Users who are still using Outlook Web Access 2003 may see this message when trying to check their email in IE 10 & 11(this affects Windows 10, 8.1, 8, & 7 users):
Here is what it says (if you really wanted to know :)
Internet Explorer 11 is not compatible with Outlook Web Access 2003. You can use Compatibility view by clicking the 'torn paper' icon (IE 10) in the web address line. IE 11 users, look at slide 20 in this guide.
3. Users who are using Kaspersky [antivirus] and trying to get to DTS may have issues. Read more here
"This is a known issue with Java, Windows 8 and Kaspersky [antivirus].
Kaspersky is working on an automated fix, but for now try this
4. Windows RT [or anyone not wanting to install DISAs InstallRoot file] can follow this manual method of installing the DoD certificates, which are currently DOD CA-33 through DOD SW CA-61.
Right Click this link AllCerts.p7b and select "Save Target As," save to your desktop. Right click the "AllCerts.p7b" file and select: "Install Certificate," Next, Next, Finish, OK. They will go to the correct Intermediate Certifications Authority tab in Internet Explorer, Internet Options.
You also need this file: Right Click this link DoDRoot2-5.p7b and select "Save Target As," save to your desktop. Right click the "DoDRoot2-5.p7b" file and select: "Install Certificate," Next, "Place all certificates in the following store," then "Browse...", select "Trusted Root Certification Authorities," then OK, Next, Finish, OK.
NOTE: You will be prompted with a Security Warning for each of the Root certificates you are adding. Select "Yes"
NOTE1: If you receive the message "There is a problem with this website's security certificate." follow this guide
NOTE2: Follow this guide to clear the certificates manually since you cannot run the Cross Cert Removal Tool (only written for regular Windows).
During the install process, ActivClient 7.0.2.x needs to stop and restart
the Certification Propagation Service, but fails to do so. The install hangs
with an "Error stopping certpropsvc" and then a Retry or Cancel window.
This service MUST be stopped in order for the installation to
continue. Trying to manually stop the service using the services.msc window
does not work (something about the service not responding in a timely
You need to have one of these five CACs: "GEMALTO TOP DL GX4 144," "GEMALTO DLGX4-A 144," "Oberthur ID One 128 v5.5 Dual," "Oberthur ID One v5.5a D," or "G&D FIPS 201 SCE 3.2" (see examples below) to use your CAC without the need of ActivClient.
Which CAC do I have video
Read more about the older CACs and replacing them
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Sunday, 05 January 2020 20:24 hrs
The following domain
names all resolve to the same website: ChiefsCACSite.com,
CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us