Page 4 of 7 FirstFirst ... 23456 ... LastLast
Results 31 to 40 of 64

Thread: How To: Setup DOD Common Access Card (CAC) for service portals

  1. #31
    Join Date
    Mar 2010
    Beans
    3

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Quote Originally Posted by Sgt-Slyde View Post
    I'm seeing the same thing as PhilB; I had the CAC reader running fine in Jaunty and then had to replace my CAC out at work, now the new one is coming up with that same "Status - Not Present" and "Manufacturer - Unknown" when I check it out in Firefox. (Edit > Preferences > Advanced > Security Devices"). I've removed/reinstalled Coolkey, libccid, even renamed the .Mozilla folder in my home directory and made Firefox generate a new profile. So far no luck getting the new CAC to work even though the one I had until Thursday, April 1st worked fine under Karmic, Jaunty, and even the Lucid beta release. The new card may as well not exist for all Firefox sees of it.
    I think I figured it out.

    Just tested a friend of mine's CAC card in my Ubuntu setup and it seems that not all CAC cards are created equal. My card must be like yours. When running pcsc_scan, the card type that comes up is:

    DoD CAC card issued Jan 14, 2010

    but my friend's CAC comes up with this

    CAC (Common Access Card).

    His card detected fine in Firefox and the security device tab was able to pick up his information while mine still said "Not Present". So, I'm thinking about going to the MPF and getting a new CAC card to try. The thing I'll look for is the difference in the chip electrical contacts. My friend's had all straight divider lines between all contacts. The center contact on my card resembles a mastercard logo. It looks like two adjacent circles overlapping in the center. If the new card has that style contact, I'm going to ask for a different one. We'll see happens.

  2. #32
    Join Date
    Nov 2009
    Beans
    1

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Thank you for this great tutorial. I receive the following message when I insert the CAC:


    Tue Jun 29 17:41:20 2010
    Reader 0: SCM SCR 3310 00 00
    Card state: Card inserted, Unresponsive card,


    Any Ideas? I have 2 different card readers (scr3310 and st-1000) both give same result.

    I can use the card when on base.

    thanks in advance

  3. #33
    Join Date
    Jul 2010
    Beans
    1

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Hey Thanks a lot!! It worked!

  4. #34
    Join Date
    Aug 2010
    Beans
    2

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Anyone have any luck with DTS? My CAC card is working fine for everything else but I cannot seem to get into DTS. When I first set it up I got a window asking me to point to a library..may have been associated with coolkey. I think I put in the wrong information but I never do get that window anymore and can not figure out how to modify it. I have uninstalled and reinstalled the CAC card reader and associated packages and did the same thing with the java packages. Now I just get the DTS login error:
    There has been a problem with login
    The site is experiencing technical difficulties. Please try again later or contact your DTS site administrator for assistance.



    Any ideas? Thanks!

  5. #35
    Join Date
    Jul 2009
    Beans
    20

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Anyone had any luck with getting one of the Gemalto 144k cards to work? My card is detected but doesn't show the certificates to Firefox.

  6. #36
    Join Date
    Sep 2010
    Beans
    18

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    I'm trying to get this working on Lucid running on a PowerMac G4. I basically followed the instructions here: https://help.ubuntu.com/community/CommonAccessCard

    Since there was no cackey for my system, I downloaded the source and compiled - which seemed to go fine once I also installed libpcsclite-dev

    I am able to run pcsc_scan and get the following:
    Code:
    PC/SC device scanner
    V 1.4.16 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
    Compiled with PC/SC lite version: 1.5.3
    Scanning present readers...
    0: SCM SCR 331 (21120751G19521) 00 00
    
    Thu Sep 16 08:19:43 2010
     Reader 0: SCM SCR 331 (21120751G19521) 00 00
      Card state: Card inserted, 
      ATR: 3B DB 96 00 80 1F 03 00 31 C0 64 77 E3 03 00 82 90 00 C1
    
    ATR: 3B DB 96 00 80 1F 03 00 31 C0 64 77 E3 03 00 82 90 00 C1
    + TS = 3B --> Direct Convention
    + T0 = DB, Y(1): 1101, K: 11 (historical bytes)
      TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
        250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
      TC(1) = 00 --> Extra guard time: 0
      TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
    -----
      TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following 
    -----
      TA(3) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V 
    + Historical bytes: 00 31 C0 64 77 E3 03 00 82 90 00
      Category indicator byte: 00 (compact TLV data object)
        Tag: 3, len: 1 (card service data byte)
          Card service data byte: C0
            - Application selection: by full DF name
            - Application selection: by partial DF name
            - EF.DIR and EF.ATR access services: by GET RECORD(s) command
            - Card with MF
        Tag: 6, len: 4 (pre-issuing data)
          Data: 77 E3 03 00
        Mandatory status indicator (3 last bytes)
          LCS (life card cycle): 82 (Proprietary)
          SW: 9000 (Normal processing.)
    + TCK = C1 (correct checksum)
    
    Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
    3B DB 96 00 80 1F 03 00 31 C0 64 77 E3 03 00 82 90 00 C1
        CAC (Common Access Card)
    The issue I'm having is getting the module installed in Firefox (3.6.9). When I browse to the libcackey.so file and click OK - Firefox just simply quits. When I go back in and look to see if it maybe installed, it didn't. Any ideas?

  7. #37
    Join Date
    Jul 2009
    Beans
    20

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Quote Originally Posted by Thystra View Post
    Anyone had any luck with getting one of the Gemalto 144k cards to work? My card is detected but doesn't show the certificates to Firefox.

    I found the solution to my problem - As i got a new card recently, it was with DOD CA 25, and my root certificates did not have those installed. Update to the latest root certificates and you will be able to connect to the sites again. Just make sure to download them before you get a new(er) card.


    As far as it crashing, you might want to try the DOD xpi addon for PKI from https://www.forge.mil

  8. #38
    Join Date
    Oct 2010
    Beans
    5

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    I too had my CAC working perfectly in CentOS - but 2 days ago had to get a new CAC because the old one expired. This one is a GEMAL TO 144 card and does *NOT* work.
    Running: CentOS 5.4 with the following relevant packages:

    Code:
    pcsc-lite-libs-1.4.4-0.1.el5
    pcsc-lite-devel-1.4.4-0.1.el5
    pcsc-lite-acr38u-1.7.9-2.el5.rf
    pcsc-lite-1.4.4-0.1.el5
    coolkey-1.1.0-14.el5
    In addition, I installed the latest root certs (including the CA that signed/issued my card) - no luck. A co-worker in the office still has the older card with WORKS. The older card shows up as expected in the Gnome Smart Card Manager, and in Firefox + Thunderbird. The card - nothing - "No Cards Present".

    Still looking for a solution for these new CAC's, and am ALL ears if anyone has any suggestions. TIA

    --ponga

  9. #39
    Join Date
    Oct 2010
    Beans
    5

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    RESOLVED

    Evidently it's simply a problem with the coolkey library not being able to interrupt the new 144k cards. Our fine DoD fellows have the solution:
    <https://software.forge.mil/sf/frs/do....cackey.0_5_12>

    Simply get the RPM or DEB or SRC from there (CAC required, ironically) - install and within Firefox or Thunderbird or whatever, point to the .so file that the package installed and... viola!

    Still trying to figure out how to get that working with the gnome-keyring and gnome smart card manager... but that's another project for another day I suppose.

    FYI, Fedora has some updated source RPM's... I think I try that too, I've heard that the latest coolkey supports the new cards as well. Anyway...

    Cheers.

    --ponga

  10. #40
    Join Date
    Oct 2010
    Beans
    1

    Re: How To: Setup DOD Common Access Card (CAC) for service portals

    Quote Originally Posted by JT3 View Post
    Anyone have any luck with DTS? My CAC card is working fine for everything else but I cannot seem to get into DTS. When I first set it up I got a window asking me to point to a library..may have been associated with coolkey. I think I put in the wrong information but I never do get that window anymore and can not figure out how to modify it. I have uninstalled and reinstalled the CAC card reader and associated packages and did the same thing with the java packages. Now I just get the DTS login error:
    There has been a problem with login
    The site is experiencing technical difficulties. Please try again later or contact your DTS site administrator for assistance.



    Any ideas? Thanks!
    "rm -rf ~/.DBSign" from your home directory and then try logging in to DTS again.

    Then the "DBSign Universal Web Signer" should finally come back up again. On my machine the settings are:
    PKCS#11 Library: /usr/lib/pkcs11/libcoolkeypk11.so
    PKCS #11 Password: <YOUR CAC PIN>

Page 4 of 7 FirstFirst ... 23456 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •