










Utilizing your CAC on Windows 8.1 "can" be as easy as...

 Installing the DoD Root certificates and making sure the Internet Options are set correctly.


To use DTS with Internet Explorer 11 on Windows 8.1, look here for instructions

People who have updated from Windows 8 to 8.1 (and who were previously using ActivClient 6.2.0.x) will need to uninstall it and restart the computer to be able to use their CAC.

NEWS: The latest patch at or above ( for ActivClient (below)  is needed to use your CAC with Windows 8.1.  In my tests it will read, but you are still prompted for your PIN quite often.  I was also not able to read most emails, I could only see the header.  Google Chrome would open up all except the encrypted emails since S/MIME is not compatible with any web browser other than Internet Explorer.

Some interesting Windows 8 informational links

NOTE:  One VERY Annoying issue when using the Windows 8 & 8.1 built in Smart Card Utility [even using ActivClient 7.0.1.x / 7.0.2.x] is when accessing Outlook Web App (OWA) aka  You may be prompted for your PIN constantly.  Windows 7 users had the option to install ActivClient 6.2.0.x to cache their PIN.  The current 6.2.0.x version of ActivClient does not work on [most people's] Windows 8 or 8.1 computers.  Both Smart Card Manager & CSSi did not experience this very annoying issue for me in my tests. (Smart Card Manager is not helping some Navy personnel with the annoying PIN prompt).  CSSi did require me to "activate" my CAC each time I inserted it into the reader.  See below for links.

NOTE:  Two individuals have emailed me stating that if you add the website where you are having the constant PIN prompts to the Intranet zone, the persistent PIN prompts go away.  Here's how: Open IE, click Tools, Internet Options, Security, Local Intranet, Sites, Advanced, and enter your webmail (or other CAC site) into it.  NOTE: This did not help in my tests.

 The basic CAC installation on Windows 8 / 8.1 is no different than it is for Windows 7 other than...

1. PLEASE KNOW:  Installing ActivClient 6.2.0.x or 6.1.x.x may make your CAC NOT work.  You "may" be able to use the Windows 8 or 8.1 built in Smart Card utility.

1a. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 6.2.0.x] will need to uninstall it and restart the computer to be able to use their CAC.

1b. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient] should uninstall 7.0.2.x and then update to (download link)


NOTE:  "Some" people who have the Windows 8 / 8.1 BASIC edition [shows only as Windows 8 / 8.1] are unable to get it to work [I'm hearing of a few more each day that some people are having luck.  I have not figured out why some work and some don't].  So, if it doesn't work for you, you have the following three solutions:

A.  Install ActivClient.  ARMY users can download from link here.  All other branches can purchase it from: SCB Solutions or TX Systems.

B.  Install CSSi for Windows (available for purchase from SCB Solutions or TX Systems).

Windows 8 uses Internet Explorer 10 or 11, Windows 8.1 uses IE 11.  The same problems we had with IE 9 have continued with IE 10 & 11 in regards to accessing some Government websites.  Follow this guide to remedy most of them.

2. Users who are still using Outlook Web Access 2003 may see this message when trying to check their email in IE 10 & 11 (this affects Windows 10, 8.1, 8, & 7 users):

OWA2003IE10 image

Here is what it says (if you really wanted to know :)

OWA2003IE image text

Internet Explorer 11 is not compatible with Outlook Web Access 2003.  You can use Compatibility view by clicking the 'torn paper' icon (IE 10) in the web address line.  IE 11 users, look at slide 20 in this guide.

Compatibility view image


3. Users who are using Kaspersky [antivirus] and trying to get to DTS may have issues.  Read more here

"This is a known issue with Java, Windows 8 and Kaspersky [antivirus].  Kaspersky is working on an automated fix, but for now try this workaround:

Open Kaspersky 2013
Click Settings
Click Application control
Click Applications
Look for Oracle America (this is the Java and it should be trusted already)
Open each item in that folder using double click
Under the tab Exclusions check all 5 checkboxes and click OK"

A person reported that he also had to exclude all of the Java Platform SE binary entries under the Oracle "+" button as well.


4. Windows RT users [or anyone not wanting to install DISA's InstallRoot file] can follow this manual method of installing the DoD certificates, which are currently DOD CA-33 through DOD SW CA-61.

Right Click this link AllCerts.p7b and select "Save Target As," save to your desktop.  Right click the "AllCerts.p7b" file and select: "Install Certificate," Next, Next, Finish, OK.  They will go to the correct Intermediate Certifications Authority tab in Internet Explorer, Internet Options.

You also need this file:  Right Click this link DoDRoot2-5.p7b and select "Save Target As," save to your desktop.  Right click the "DoDRoot2-5.p7b" file and select: "Install Certificate," Next, "Place all certificates in the following store," then "Browse...", select "Trusted Root Certification Authorities," then OK, Next, Finish, OK. 

NOTE: You will be prompted with a Security Warning for each of the Root certificates you are adding. Select "Yes"

NOTE1:  If you receive the message "There is a problem with this website's security certificate." follow this guide

NOTE2: Follow this guide to clear the certificates manually since you cannot run the Cross Cert Removal Tool (only written for regular Windows).
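
Adding a root certificate changes what your computer trusts, so it is worth looking inside both .p7b files before importing them. The PowerShell below is an added example, not from the original page or from DISA: it lists the certificates in each bundle, refuses to continue unless every root is self-signed and matches a thumbprint you expected, and only then imports into the same stores the wizard steps use. It assumes regular Windows 8.1 (not Windows RT) with the PKI module, the two files saved to the Desktop as described above, and root thumbprints obtained from a source you already trust (shown as a placeholder).

```powershell
# Added example. File names come from the page; Desktop follows its "save to your desktop" step.
$desktop  = [Environment]::GetFolderPath('Desktop')
$rootFile = Join-Path $desktop 'DoDRoot2-5.p7b'
$caFile   = Join-Path $desktop 'AllCerts.p7b'

# ASSUMPTION: SHA-1 thumbprints of the DoD roots, obtained out of band from a source
# you already trust. Placeholder value; replace it before running.
$expectedRoots = @('<ROOT-THUMBPRINT-FROM-TRUSTED-SOURCE>')

# Parse the PKCS#7 bundles in memory; nothing is added to any store yet.
$roots = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$roots.Import($rootFile)
$cas = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$cas.Import($caFile)

# Show what the root bundle would make trusted.
$roots | Select-Object Subject, NotAfter, Thumbprint | Format-List | Out-Host

# A root must be self-signed and must match a thumbprint you expected.
$badRoots = @($roots | Where-Object {
    $_.Subject -ne $_.Issuer -or $expectedRoots -notcontains $_.Thumbprint
})

# Each certificate in the CA bundle must chain up to one of the expected roots.
$badCas = @(foreach ($ca in $cas) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'        # offline check; revocation is not evaluated
    [void]$chain.ChainPolicy.ExtraStore.AddRange($roots) # candidate issuers only, not trusted yet
    [void]$chain.ChainPolicy.ExtraStore.AddRange($cas)
    [void]$chain.Build($ca)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($expectedRoots -notcontains $top.Thumbprint) { $ca }
})

if ($badRoots.Count -or $badCas.Count) {
    $badRoots + $badCas | Select-Object Subject, Issuer, Thumbprint | Format-List | Out-Host
    throw 'Bundle contains unexpected certificates; nothing was imported.'
}

# ASSUMPTION: current-user stores, the wizard's default store location.
Import-Certificate -FilePath $rootFile -CertStoreLocation Cert:\CurrentUser\Root
Import-Certificate -FilePath $caFile   -CertStoreLocation Cert:\CurrentUser\CA
```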


5.  During the install process, ActivClient 7.0.2.x needs to stop and restart the Certification Propagation Service, but fails to do so.  The install hangs with an "Error stopping certpropsvc" and then a Retry or Cancel window.  This service MUST be stopped in order for the installation to continue.  Trying to manually stop the service using the services.msc window does not work (something about the service not responding in a timely manner).

Determined to find a workaround, one person looked up the certpropsvc location in the Registry and found it located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc. He changed the Start value to 4, which effectively disabled the service, but not until the machine was restarted.

After a reboot, the .msi package installed perfectly.  He didn't have to go back and undo the Registry changes because the install package fixed it automatically.


You need to have one of these five CACs: "GEMALTO TOP DL GX4 144," "GEMALTO DLGX4-A 144," "Oberthur ID One 128 v5.5 Dual," "Oberthur ID One v5.5a D," or "G&D FIPS 201 SCE 3.2" (see examples below) to use your CAC without the need of ActivClient.

Another guide to help figure out which CAC you have

Gemalto 144 CAC image GemaltoDLGX4-A 144 image  Oberthur 5.5 CAC image Oberthur 5.5a CAC

G&D FIPS 201 SCE 3.2 image


Which CAC do I have video

Read more about the older CACs and replacing them


If you have questions or suggestions for this site, contact Michael J. Danberry


Last Update or Review:  Sunday, 05 January 2020 20:24 hrs

