This is the article I used to configure my CAC: http://www.hrgeeks.com/2008/11/21/using-a-dod-cac-with-ubuntu-and-firefox/
Below I'm pasting the actual commands from the article above (slightly modified, as I noted some changes):
- apt-get install libccid pcscd coolkey
- In Firefox: Edit > Preferences > Advanced > Encryption > Security Devices > Load
- Use DoD CAC for the module name and /usr/lib/pkcs11/libcoolkeypk11.so for the file.
- Click OK on the next few popups.
- Back on the Security Devices page, insert your CAC, and make sure Login lights up.
- You may want to make sure you have the security device under DoD CAC selected.
Go to http://dodpki.c3pki.chamb.disa.mil/rootca.html and select each of the certificate links, starting at the top. Firefox will prompt you; just accept the prompts. If you believe the DoD page has been hacked, you can validate the certificates before accepting them, but that's up to you.
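One way to do the validation mentioned above, as an added example that is not from the original post or the linked article: save each root certificate to disk, compute its SHA-256 fingerprint, and compare it with a fingerprint obtained through a separate trusted channel before importing it. The function names are assumptions, and the embedded "certificate" is constructed placeholder data, not a real DoD root.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes standing in for a downloaded certificate.
# This is NOT a real DoD root; real files come from the download page.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file given as PEM or raw DER."""
    m = PEM_RE.search(data)
    if m is None:
        return data  # no PEM armor: treat as binary DER
    try:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("corrupt PEM body") from exc

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, so PEM and DER copies hash the same."""
    return hashlib.sha256(load_der(data)).hexdigest()

def normalize(fp: str) -> str:
    """Accept plain hex or the colon-separated form printed by
    `openssl x509 -noout -fingerprint -sha256`."""
    cleaned = re.sub(r"[:\s]", "", fp.split("=")[-1]).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return cleaned

def matches(data: bytes, expected_fp: str) -> bool:
    """True only if the file's fingerprint equals the trusted one."""
    return hmac.compare_digest(fingerprint(data), normalize(expected_fp))

if __name__ == "__main__":
    trusted = fingerprint(SAMPLE_DER)  # in practice: obtained out of band
    print("PEM copy matches:", matches(SAMPLE_PEM, trusted))
    tampered = SAMPLE_DER[:-1] + b"\x02"
    print("tampered copy matches:", matches(tampered, trusted))
```

Only import a certificate into Firefox when `matches` returns True for the file you saved.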
Finally, go to the site you want to access (webmail, AKO, DKO, etc.). For me, I needed webmail. When I visited the site, it asked me which certificate to use. I first selected the certificate that indicated it was for authentication. This didn't work and the site refused to work again. I undid this mistake by doing the following:
- In Firefox: Edit > Preferences > Advanced > Encryption > View Certificates > Servers
- Find the website in the list and delete it.
Here is the official Ubuntu help page. It may have more guidance if you get stuck. I didn't find this page until now so I wasn't able to use it.
https://help.ubuntu.com/community/CommonAccessCard
To Do Another Day:
- My browser asks for my PIN and for me to choose the certificate on every visit. Not bad, but I would like it to remember the certificate.
- Enable email signing via webmail.