CAC Developer Kit (CDK) - This CDK contains documentation and software needed to interact with the CAC's machine-readable media smart card ship, magnetic stripe, and barcodes. The kit is designed for developers of client-side workstation applications using the CAC data and services, and developers of card-side applets and middleware. Cac reader software, free download - Foxit Reader, Midea CAC, Cac Mobily, and many more programs. Best Video Software for the Mac How To Run MacOS High Sierra or Another OS on Your Mac Best. I have a Mac and use my cac card reader when need be. Militarycac as someone mentioned earlier can tell you what you need to do to make it work. Also chrome is one of the only browsers that works for me.
Microsoft Windows:
Windows users should not need to install any drivers. Drivers self-install on all Windows platforms. These drivers are for rare use on legacy Windows platforms only. Please contact us before using these drivers.
SGT111/SGT114/SGT116/SGT117/SGT118/SGT119/SGT121/SGT122 Windows XP/Vista/Win7 Drivers (.zip 4.5MB)
SGT111/SGT114/SGT116/SGT117/SGT118/SGT119/SGT121/SGT122 Windows 98/2000 Drivers (.zip 2.0MB) SGT111/SGT114/SGT116/SGT117/SGT118/SGT119/SGT121/SGT122 CCID Drivers (.zip 4.5MB)
To determine if your reader has properly self-installed on a Windows workstation, go to Windows Device Manager (right-click on Computer (This PC in Windows 8/10), select Properties and select Device Manager).You should see a list of devices similar to the list below.There should be a category entitled Smart card readers and if you click on it, it should show a device named Microsoft Usbccid Smartcard Reader (WUDF) or similar.
Macintosh Installer (.pkg driver) for Mac OS X 10.7 or earlier Mac OS Installer (.zip 6KB) (updated 7/29/11) Note to Mac OS: No driver is required for SGT111-7, SGT111-8, SGT111-8c, SGT117XE-3, SGT117XE-4, SGT118-6, SGT118-6c, SGT119XM-4, SGTiall-2 and SGTiall-2c OS X will self-install an EMV Smart Card reader driver automatically. To determine if these readers are properly installed go to:
ï / About This Mac / System Report.. / Hardware / USB. An 'EMV Smartcard Reader' device should be present.
Macintosh Installer for older SGT smart card readers (.dmg Disk Image File) for Mac OS X 10.8, 10.9, 10.10, 10.11, 10.12, 10.13 (Mountain Lion, Mavericks OS, Yosemite OS, El Capitan, Sierra. High Sierra) Mac OS Installer (OS X Disk Image File 226KB) (updated 1/3/15) For OS X versions 10.11 and newer. You may have to turn SIP off to install driver: 1. Boot into recovery mode (CMD+R) before Apple Icon shows up. 2. Open terminal from the menu -> utilities. 3. Run command csrutil disable. Cac Software For Mac4. Run command reboot to restart.5. Install driver normally DOD and US Govt Macintosh users please reference http://militarycac.com/apple.htm for additional install procedures
Linux Users: SGT111/SGT114/SGT116/SGT117/SGT118/SGT119/SGT121/SGT122 Linux Driver (.bz2 78KB)Also see: http://pcsclite.alioth.debian.org/ccid.html Is Antivirus Software Necessary For MacNote to DOD CAC/PIV Users: The above software and the software included on your CD is not required nor recommended for DOD CAC use. Consult your Command's IT Officer.
Android Users:
The SGT111-7, SGT111-8, SGT111-8c, SGT117XE-3, SGT117XE-4, SGT118-6, SGT118-6c, SGT119XM-4, SGTiall-2 and SGTiall-2c self-install and are compatible with Android versions 5 and newer. No drivers are required.
We support:
20 Oct 2014 Using PIV smart cards with Mac OS X 10.10 Yosemite
Posted at 16:06h in Employee Posts, Tech Notes11 Comments
Using PIV smart cards for HHS VPN login with Mac OS X 10.10 Yosemite
Note: This entire post is basically google search bait designed to (hopefully) allow others struggling with the same issues to save a bit of time. Hope it helps!
Military Cac Card Reader Software For MacOctober 30, 2014 Update
There is an active Citrix support thread on the âno valid certificates foundâ issue. If this is bothering or interesting you, you may want to monitor this URL: http://discussions.citrix.com/topic/357156-no-certificate-found-at-windows-logon-screen-for-smartcard-authentication/
October 24, 2014 Update
The bulk of this post concerns the $29 Pkard product from Thursby which is the first I found with explicit OS X 10.10 support. I just had a chance to test the new Yosemite 10.10 compatible free SmartCard utility from Centrfy mentioned here: http://www.centrify.com/mac/smartcard/free-smart-card-for-federal-military-cac-piv.asp
. Long story short: It works to get past the VPN gateway but throws the same âno valid certificates foundâ error when trying to login to the Windows desktop via a Citrix Receiver client. Still no idea why this is happening â on other versions of OS X my smart card credentials transparently passed onto the OS. Still â consider the Centrify software if you donât want to spend $29. ![]() Short Summary
I need to use a HHS PIV card to remotely access computer systems from a brand new Macbook air running OS X 10.10 Yosemite. As of the time I wrote this article, the state of freely available open source software for PIV smart card support on Yosemite is pretty lacking. This will change but if you are in a hurry (as I was) the best thing you can do in the short term is pay $29.95 for the Thursby PKard software from http://www.thursby.com/products/pkard-mac â it installed seamlessly and allowed me to login via VPN although for some reason my certificates were not passed on to the Windows remote desktop system, hopefully I donât need the $179 âADmitMacâ product for that.
I expect the state of open source smart card and tokend implementations to get better and more easily usable on Yosemite so I may only be using the Thursday product for a short time. It did, however work fast and got me successfully logged onto the remote VPN server.
Current status: Thursby PKard software works well on Yosemite for VPN access but the Windows desktop I get sent to via a Citrix client reports âno valid certificatesâ and Iâm forced to use my standard user login name and password to complete the final authentication. This was not something I needed to do on OS X 10.7 or 10.7 with the open source smart card software stack.
Background
I do some subcontracting work for a few US Government agencies, one of which requires me to be able to connect remotely to US.GOV networks and infrastructure. The way I connect is via a federal standard PIV Card which is a very cool physical badge that doubles as a holder of biometric and personal crypto certificate information. When Iâm trying to physically enter a building the PIV card is my secure photo ID badge (with backup biometrics and fingerprints stored o it) â when I try to enter a US Government network âvirtuallyâ the same PIV card doubles as VPN access device because it contains a personal set of crypto keys that uniquely identify me. Two-factor authentication is achieved by having to punch in a PIN code when my certs are presented to the remote system. Itâs a very slick and interesting system.
From what I can tell, PIV cards are very similar to the CAC cards carried by military members that are often required for secure web browsing and access to military resources In fact, when searching the internet for PIV assistance you will find that some of the best help resources are coming from the military CAC-user community. A perfect example of this is https://militarycac.com/macnotes.htm and https://militarycac.com/cacenablers.htm â the site that I turned to first when looking for OS X Yosemite PIV/smartcard status info.
My Gear
Getting the PIV card to work on 10.10 Yosemite
Verify your reader works
Attach your reader, use the OS X âAbout this Macâ -> âSystem Reportâ function to verify that your computer and OS actually see and recognize a smart card device:
Hardy rive reader for mac book 2011 price. Buy and install the PKard software
Launch OS X Keychain Assistant
What you want to see is the certificates and credentials that are stored on the smart card. If your USB reader and the PKard software are working, Yosemite 10.10 can now âseeâ the crypto info stored on the PIV card
Fix the Trust Chain (If your PIV certificate is not trusted)
This may not be an issue for an upgraded system but on my brand new laptop my host OS was missing the intermediate certificate trust chain. Keychain Assistant helpfully throws up the red text saying: âThis certificate was signed by an unknown authorityâ
OS X Yosemite does not âtrustâ the Certificate Authorities that signed my PIV card certificates.
The solution is to go out and install the intermediate certificates necessary to build the full lenght trust chain.
The source of trust chain certificates almost certainly depends on what agency you work for or are trying to access. In my case I needed the US GOV Health and Human Services (HHS) intermediate certificates and the best online resource I found for HHS certificates needed for PIV cards is actually over on a NIH hosted site:
I downloaded and installed the âHHS Entrust FPKI Certificate Chainâ from the above website:
Installing the certificates results in a chain of trust that culminates with your personal PIV certificates being recognizes as trusted: Now Test
At this point you have a recognized USB card reader, your personal PIV certificates are visible to Mac OS X and the trust chain is complete. This should be all you need to access or login to PIV-enabled websites.
I removed screenshots showing the portal site I was logging into out of paranoia so I canât show examples of successful logins. Iâll just show this OS X window which is the system prompt you get when your certificate is being used and the host OS wants to verify your PIN code as part of the two-factor authentication process.
If you see this, this is your PIN entry prompt and it means that stuff is generally working:
Remember that this is where your PIN goes, ignore the system text about âkeychain passwordâ â¦
Minor Issue
Using the steps outlined above I can successfully authenticate to the remote access environment I need to use on a daily basis. However, on my older laptop my PIV card credentials were transparently passed onto the Windows OS as well and I was not prompted for a second login.
That is not the case now. After getting past the VPN, the remote desktop session canât see my PIV certificate and I have to fallback to using standard AD username and password. Not optimal but it works for my purposes.
Longer term I want this issue to go away. Iâm not sure if itâs a Citrix Receiver issue or perhaps this is a designed-in behavior of the Thursday software designed to upsell software that offers more functionality. I was willing to pay $29.99 for the functionality I needed and the software and documentation is great but Iâm not going to shell out $179 for SSO access to a Windows Desktop.
Iâm going to keep researching this and will keep an eye on the state of open source / free smart card services for Yosemite 10.10. Will update this post as needed.
16
2011-04-19 15:47:43
16
Appleâs XServe comes with a Lights Out Management (LOM) capability. For anyone dealing with co-located
16
2019-04-23 11:15:15
10
2019-03-13 11:24:30
10
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |