3.17.2017

Use DoD Smart Card PKI Authentication with Firefox on Linux

Here is a basic tutorial on how to get your Government or DoD Smart Card (Common Access Card or CAC) working with Firefox in Linux.  This will allow you to access Government and DoD websites that require PKI authentication using your Common Access Card.

This was tested on Red Hat 7, but should work on most Linux systems.  For Debian variants you will have to use a different package manager and the package names may vary.

1) Install the necessary packages.

yum -y install coolkey pcsc-lite*

2) Start the pcscd service/socket

systemctl start pcscd.service
systemctl status pcscd.service

3) Open Firefox and add coolkey module to security devices

Go to Preferences > Advanced then click the certificates tab

Click "Security Devices"

Click "Load"

Module Name: DoD PKI
Module Filename: /usr/lib64/pkcs11/libcoolkeypk11.so

4) Install DoD root certificates

Go to:

http://iase.disa.mil/pki-pke/Pages/tools.aspx

Scroll to bottom of page under "PKI CA Certificate Bundles: PKCS#7"

Download "For DoD PKI Only - Version 5.0"

Extract the zip file and inside the uncompressed directory you will find 3 certificate files named similar to:

Certificates_PKCS7_v5.0u1_DoD_DoDRootCA2_withCAs_FirefoxChromeOS.der.p7b

5) Go back to Firefox, Preferences > Advanced and Click Certificates.

Click View Certificates to open the Certificate Manager

Click Import at the bottom of the screen and import the 3 files mentioned in step 4.  You will have to do one at a time.

That's it.  Your CAC should now work without issue on Firefox.

2.07.2017

How to Install DoD Root Certificates in Google Chrome on Linux

I was unable to find full working directions for this so hopefully this helps someone.  I tested on Fedora 25 and Red Hat 7.

Go to:

http://iase.disa.mil/pki-pke/Pages/tools.aspx

Scroll all the way to the bottom until you see "PKI CA Certificate Bundles: PKCS#7"

Click the download link that says "For DoD PKI Only - Version 5.0"

When the zip file is done downloading, open a terminal and go to that directory and unzip the file.

EXAMPLE:
unzip Certificates_PKCS7_v5.0u1_DoD.zip

Now cd into the newly created directory.

EXAMPLE:
cd Certificates_PKCS7_v5.0u1_DoD/

Now run the following command to import the p7b files:

for n in *.p7b; do certutil -d "sql:$HOME/.pki/nssdb" -A -t TC -n "$n" -i "$n"; done

To check the status of the certs installed you can run:

certutil -d "sql:$HOME/.pki/nssdb/" -L
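
Both posts above end by importing the downloaded .p7b bundles as CA certificates, and the download link shown is plain HTTP, so it helps to list what each bundle contains and to check a root fingerprint obtained from a separate source before importing. The script below is an added example, not part of the original posts; it assumes openssl is installed, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): review a DER PKCS#7 bundle
# (.p7b) before importing it as trusted CAs. Function names are hypothetical.

# list_p7b_certs FILE
# Prints, for every certificate in FILE, its SHA-256 fingerprint and subject.
list_p7b_certs() {
    openssl pkcs7 -inform DER -in "$1" -print_certs 2>/dev/null |
    awk -v cmd='openssl x509 -noout -fingerprint -sha256 -subject' '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print | cmd }
        /^-----END CERTIFICATE-----/   { inside = 0; close(cmd) }
    '
}

# p7b_has_fingerprint FILE FINGERPRINT
# Succeeds only if FILE contains a certificate with that SHA-256 fingerprint
# (colons and letter case are ignored). Obtain FINGERPRINT out of band.
p7b_has_fingerprint() {
    want=$(printf '%s' "$2" | tr -d ': ')
    [ -n "$want" ] || return 1
    list_p7b_certs "$1" | tr -d ':' | grep -qi "Fingerprint=${want}\$"
}

# Usage: sh review_p7b.sh bundle1.p7b bundle2.p7b ...
for bundle in "$@"; do
    echo "== $bundle"
    list_p7b_certs "$bundle"
done
```

Run it on the extracted .p7b files before the certutil loop; p7b_has_fingerprint returns non-zero when the expected root is not in the bundle.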

12.19.2016

Google Drive Linux Clients - Options?

Google has been promising Linux support for Drive since it first debuted in 2012.  Here we are on the cusp of 2017 and there is no official Drive support in sight.

I have played around with a few options and figured I would share my experiences here to hopefully help someone.

All of my testing has been done on Fedora 23, 24 or 25, which is my distro of choice.  I have also dabbled a bit with Ubuntu, but not enough to give a recommendation.

If you do a quick search you will find a few command line options for using Google Drive.  All of which I have found painful to get working.  On top of that the projects seem dead.  Some not being updated in 2+ years.  Plus, command line utilities are not exactly what I was looking for.  These are my least favorite options.  I can not really recommend these to anyone who will depend on them for daily workflow.  If you want to tinker here are a few examples.

https://github.com/odeke-em/drive

https://github.com/prasmussen/gdrive

My favorite CLI option is gsync, which basically gives you rsync functionality to your Google Drive.  This allowed me to sync the way I wanted to, but can be painful to get working and I had issues setting it up with 2 factor authentication.  Once I had it configured, I wrote some scripts to two way sync.  Worked well.

https://github.com/iwonbigbro/gsync


If you are willing to pay a few dollars, there is a decent option called overGrive.  It has both Ubuntu and Fedora packages and installs fairly easily.  This client adds a Google Drive folder and if you put anything in it, it will sync it to your Google Drive, perfect right?  Well not for me.  This works similar to Google's official offering on Windows. Although it does offer two way sync (Drive to Local, Local to Drive) it does so only within a certain Google Drive Folder.  overGrive also has some nifty features like multiple account sync, converting Google Docs to Office formats, converting files from Office to Google Drive, and also offers support.  It works well and costs a measly $4.99.  Not a bad deal if this is what you're looking for.

Here is a link to overGrive:

https://www.thefanclub.co.za/overgrive

The last option, and my personal favorite, costs a bit more.  Insync offers a long list of features including everything overGrive offers and more.  It also converts openoffice documents, lets you pick your own folder to sync (IMPORTANT), on-demand shared file syncing, desktop notifications, a feed of your file changes, and much more.  Now the reason I like this is because I can select my local "Documents" folder (/home/savona/Documents) and have it two way sync with Google Drive.  I don't need to have a "Google Drive" folder somewhere and add files to it.  So for example if I am working on the road (this is not my day job, or I would be broke) I can save something to Google Drive and when I get home I will have a synced copy in my Documents folder.  If I am working on something on my laptop offline, as soon as I connect to the internet it will sync my work with Google Drive.  This is the way I would expect a client to operate.  Although I have never used the Windows Client from Google, I speak to many people who wish this functionality was available to them in the Windows world.  Needless to say, many of them are now using Insync.  At $25 a license per Google Account it is a little more expensive than the other options, but for me it was WELL worth it.  The license also comes with unlimited installs, so you can install it on your Desktop, Work Computer, Laptop, etc.

Here is a link to Insync:

https://www.insynchq.com

I am a huge fan of Google Drive, and now I have the functionality I needed.  Hope this helps someone out there.