No access to any CAC websites

CAC access to secure web sites for Mac OS
CGB45
Posts: 2
Joined: Mon Jul 02, 2018 2:31 pm

No access to any CAC websites

Post by CGB45 » Mon Jul 02, 2018 2:46 pm

Hi, I've looked through your forums and have tried a handful of fixes for the issue below, but can't seem to get access to any CAC-required websites.

I'm running High Sierra with Safari. I've downloaded the DoD certs from MilitaryCAC.com, double checked the trust settings and removed all duplicates of root certs, tried clearing the token cache, and have upgraded the drivers of both my CAC readers (an SCR-3500-A and an HID OMNIKEY 3121).

When I try to log into the AF Portal, I get "No Client Certificate presented #555.240230d6.1530560429.2328c0"

When I try DFAS MyPay, I get "myPay SmartCard error: 403.7. The page requires a client certificate. The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server will recognize. The client certificate is used for identifying you as a valid user of the resource."

When I try webmail, I get "This application requires a valid client EMAIL certificate. Please check your client certificate settings and try again."

And when I try DTS, I get "Login Error. There has been a problem with your login. Error is: Could not communicate with security server (invalid HTTP status code -1, probably access denied because of cross domain scripting), dbsign code: 305"

Is there any help you can provide?

michaelwolfe
Posts: 352
Joined: Fri Feb 17, 2012 11:49 am

Re: No access to any CAC websites

Post by michaelwolfe » Mon Jul 09, 2018 11:52 am

CGB45,

Do you happen to have an anti virus installed on your Mac such as AVG, Avast, Kaspersky, or McAfee? If so, see if the web shield is enabled and disable it. The web shield has been known to prevent Safari and Chrome from accessing your CAC certs.


-Michael

goodluvv
Posts: 1
Joined: Sat Jul 21, 2018 12:30 pm

Re: No access to any CAC websites

Post by goodluvv » Sat Jul 21, 2018 12:34 pm

Michael,

THANK YOU SOOOO MUCH for this. This was the issue that kept me from accessing CAC-enabled websites. I've been trying for a whole week to figure out what is wrong with my CAC readers x2, MBA, etc., and come to find out, it was my AVG antivirus software.
I thought I was going crazy following the directions to a tee and still not being able to access any websites.

michaelwolfe
Posts: 352
Joined: Fri Feb 17, 2012 11:49 am

Re: No access to any CAC websites

Post by michaelwolfe » Mon Jul 23, 2018 8:18 am

goodluvv wrote:
Sat Jul 21, 2018 12:34 pm
Michael,

THANK YOU SOOOO MUCH for this. This was the issue that kept me from accessing CAC-enabled websites. I've been trying for a whole week to figure out what is wrong with my CAC readers x2, MBA, etc., and come to find out, it was my AVG antivirus software.
I thought I was going crazy following the directions to a tee and still not being able to access any websites.
goodluvv,

Thank you for letting us know this resolved the problem for you. Please let us know if you have any other questions or trouble logging into other sites.


-Michael

seaphill
Posts: 1
Joined: Wed Sep 05, 2018 12:17 am

Re: No access to any CAC websites

Post by seaphill » Wed Sep 05, 2018 12:24 am

Hello,

I'm also having the above issue. The odd thing is that at one point a month ago, I was able to log on to DoD email. But it was occurred only once and I was not able to replicate it. After attempted several other tries, I was getting frustrated. This prompted me to buy PKard in an attempt to fix the issue. Alas, no fix yet. I have reinstalled the DoD certificates numerous times. The Keychain Access recognizes my CAC. I have no antivirus on my computer. I'm generally at a loss.

I have High Sierra 10.13.4 and Smart Card reader ACR39U ICC Reader.

Thanks in advance.

michaelwolfe
Posts: 352
Joined: Fri Feb 17, 2012 11:49 am

Re: No access to any CAC websites

Post by michaelwolfe » Wed Sep 05, 2018 7:22 am

seaphill,

I have a couple of forum posts that I would like you to take a look at. The first of which is a forum post regarding the CAC certificates in your Keychain. Please make sure you have all of the apporpriate DoD certificates within your Keychain, and that you have trusted all of the Root CA's.

viewtopic.php?f=11&t=1331

Next, select your CAC within Keychain access. Do you see any blue + signs on any of the certs? If so, then double click on the certificate, click the arrow next to Trust and change the first drop down to "Use System Defaults". Manually trusting your CAC certificates can cause various authentication issues.

Are you prompted to select a certificate, or prompted to enter your PIN/"Keychain Password"? If not, please use this forum post for deleting Identity Preferences.

viewtopic.php?f=11&t=318


-Michael

yellow55
Posts: 3
Joined: Sun Nov 18, 2018 4:45 pm

Re: No access to any CAC websites

Post by yellow55 » Sun Nov 18, 2018 4:49 pm

I am having the same issue. When I click on cac access in google chrome (from a mac) I get the 403.7 error and it never prompts me for my pin. If I try it in safari, it prompts me for my pin but simply loads a blank page after. Please help. This has been an issue for almost 6 months minus one night last month when I updated my firmware, reloaded all my certs and re downloaded software. One night it worked. One.

yellow55
Posts: 3
Joined: Sun Nov 18, 2018 4:45 pm

Re: No access to any CAC websites

Post by yellow55 » Sun Nov 18, 2018 4:52 pm

Hey there. I'm having this same issue using a Macbook pro and Chrome as well as safari. Chrome gives a 403.7 error when accessing mypay and a no client presented error when accessing ako and never asks for pin or selection or cert. With safari it asks for the cert but then loads a blank page after cert is selected. Please help.
Brendan

kim
Posts: 67
Joined: Fri Apr 29, 2016 10:22 am

Re: No access to any CAC websites

Post by kim » Mon Nov 19, 2018 8:10 am

yellow55 wrote:
Sun Nov 18, 2018 4:52 pm
Hey there. I'm having this same issue using a Macbook pro and Chrome as well as safari. Chrome gives a 403.7 error when accessing mypay and a no client presented error when accessing ako and never asks for pin or selection or cert. With safari it asks for the cert but then loads a blank page after cert is selected. Please help.
Brendan
Hi yellow55,
Take a look at our forum post here viewtopic.php?f=11&t=1331 This will guide you through making sure your Keychain is properly setup for CAC use. Mirror your keychain with the screenshots in that post. Confirm that you have all the required DoD Root CA certs 2 thru 5 manually trusted in your system keychain. If you're missing some, you can download and import them via links provided in the forum post. Same with the remainder of the DoD certs. The post is easy to follow with plenty of screenshots and how-to info.

Once you're done straightening your keychain, kill Chrome (cmd+Q), re-launch it and try a CAC site. Let me know if this helps. Thanks!

- Kim, Thursby Support

yellow55
Posts: 3
Joined: Sun Nov 18, 2018 4:45 pm

Re: No access to any CAC websites

Post by yellow55 » Mon Nov 19, 2018 1:11 pm

Ok, redownloaded all certs and reinstalled it. I now have all the certs in login and under Yellow5 and only a few show up under my CAC card. Is this the issue? and if so how do I fix it? It will not let me add the certs directly to the CAC.

Post Reply