Adsense Leaderboard Ad

3.17.2017

Use DoD Smart Card PKI Authentication with FireFox on Linux

Here is a basic tutorial on how to get your Government or DoD Smart Card (Common Access Card or CAC) working with Firefox in Linux.  This will allow you to access Government and DoD website which require PKI authentication using your common access card.

This was tested on Red Hat 7, but should work on most Linux systems.  For Debian variants you will have to use a different package manager and the package names may vary.

1) Install the necessary packages.

yum -y install coolkey pcsc-lite*

2) Start the pscsd service/socket

systemctl status pcscd.service

3) Open Firefox and add coolkey module to security devices

Go to Preferences > Advanced then click the certificates tab

Click "Security Devices"

Click "Load"

Module Name: DoD PKI
Module Filename: /usr/lib64/pkcs11/libcoolkeypk11.so

4) Install DoD root certificates

Goto:

Iase.disa.mil/pki-pke/Pages/tools.aspx

Scroll to bottom of page under " PKI CA Certificate Bundles: PKCS#7"

Download " For DoD PKI Only - Version 5.0"

Extract the zip file and inside the uncompressed directory you will find 3 certificate files named similar to:

Certificates_PKCS7_v5.0u1_DoD_DoDRootCA2_withCAs_FirefoxChromeOS.der.p7b

5) Go back to Firefox, Preferences > Advanced and Click Certificates.

Click View Certificates to open the Certificate Manager

Click Import at the bottom of the screen and import the 3 files mentioned in step 4.  You will have to do one at a time.

That's it.  You CAC should now work without issue on Firefox.

No comments:

Post a Comment