Search MilitaryCAC:

Site Map

top
 MilitaryCAC.com logo

.com | .us | .ml  | .mobi | .net | .org


The Definitive Source for Everything CAC

Common Access Card help for your  Personal Mac Computer

Make a Donation button image

 

 

 

ASSISTANCE FOR APPLE USERS 

 

If you are a Chromebook user, go to this page to ask your question

 

 

New imageMac users who choose to upgrade (or already have upgraded) to Mac OS Catalina (10.15.x) or Big Sur (11.x) will need to make sure all 3rd Party CAC enablers are removed per https://militarycac.com/macuninstall.htm  AND reenable the native smart card ability (very bottom of macuninstall page)New image

 

If you just upgraded to 10.15.4 or .5 and lost CAC access (but had it in 10.15.3), please follow these last two items on this page

 

 

 

MOST of the questions received can be corrected / answered by you trying these ideas first: 

 

1.  Please relook at the Mac CAC Install page for instructions on how to install what is needed to use your CAC on your Mac.

 

2. If you have already installed the needed program (based on the link in #1 above) or are having problems accessing websites you have successfully accessed previously, follow this page to learn how to clear the login section of your keychain.

.

3.  If you have an SCR-331 CAC reader, you may need to update the firmware to be able to use this older reader on your Mac.  There is no guarantee it will work, it is an option to try before purchasing a new reader.

 

4. If you have the SCR-3500A USB CAC reader, and trying to use it on 10.11.x (or above), you will need an updated driver, and may have to disable SIP

 

4a.  If you have the ACR-3801, 38, 38U, or 39 CAC reader, you may need to update the driver.

 

4b.  If you have received the "G+D FIPS 201 SCE 7.0" CAC and have the GSR-202 reader, please look here to see if your reader is new enough to work with your new CAC.

 

5.  Please know not every CAC enabler will with work with specific versions of Mac OS (Or your new CAC).  The link in this sentence has a graph to show you which ones will work for your specific version of Mac OS.

 

6.  Follow instructions for loading the DoD certificates into your keychain.

 

7.  If you purchased and installed PKard on an older Mac (prior to Mac OS Catalina) and are having problems, contact Thursby for support

 

8.   If you purchased and installed Charismathics Smart Security Interface (CSSI) on an older Mac (prior to Mac OS Catalina) and are having problems, contact Charismathics for support

 

9.  If you have recently updated to the newest Mac OS from a previous version (PRIOR to Mac OS Catalina) [and you were successfully using your CAC prior to the update], uninstall your CAC enabling program[s], restart computer, then look at the CAC enablers page to see which CAC enablers are compatible with your new version of Mac OS.  Also follow #2 above

.

9a.  If you've just updated your Mac OS and your SCR 331, 3310, 3310v2, or 3500 model reader has stopped working, you may need to update the driver from Identiv's website: http://files.identiv.com/products/smart-card-readers/common-drivers/uTrust_MAC_Driver.zip . Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open

 

10.  You receive "Error Code: 500 Internal Server Error.  The server denied the specified Uniform Resource Locator (URL).  Contact the server administrator. (12202)."  Or your system worked recently, but has since stopped working for webmail / OWA, try these ideas: 

10-1.  Make sure you select your PIV Authentication certificate.  IF you have selected the wrong certificate, you need to clear your keychain.

10-2.  Close all open browsers, reopen one and try accessing the site again.

10-3.  Clear your keychain, uninstall all CAC enabling programs, restart computer, reinstall one CAC enabling program, restart computer and try again.  You may want to try a different CAC enabling program.  

10-4.  Follow #6 above

.

11.  If you are having problems logging onto all CAC websites (PRIOR to Mac OS Catalina) [and you can see your name between the words: keychain and login in Keychain access] you may have blocked your CAC.  Only PKard and Centrify will let you verify a blocked CAC on a Mac, otherwise, you'll need a Windows computer (or virtual Windows) via ActivClient (or built in Smart Card program) to see if your CAC is blocked.  If your CAC is blocked, your only option is to visit an ID card office to get the card unblocked.

 

12.  If you see "f5, Your session could not be established"

f5 error image

when logging into your Enterprise Email, clear your keychain and try again.  You can also "Remove All Website Data" found under Safari, Preferences, Privacy.  If that does not work, try again later.  Remember to select your Authentication certificate.

.

13.  If you want to open / work on an NCOER (or any other PDF-F files) you need to have Adobe Reader installed on your Mac and have made it your default PDF viewer.  By default your Mac uses Viewer to open PDFs, which will not allow digital signing.  You'll need to save the PDF-F to your computer, then open it.

 

14.  If you are having problems accessing CAC enabled websites, try disabling your Antivirus / web protection, if this works.. please follow the information below to let your security program access to the CAC enabled websites:

.

Avast users click Preferences, Shields (tab), disable "Web Shield," restart browser and try to access the website again.  You might have to click the 3 equal lines (top right of screen) to get to Preferences, Core Shields (tab), Uncheck all boxes under Web Shield, restart browser and try to access the website again.

 

More information about what Avast is doing can be read here.

.

AVG Turn off Web Shield when you want to access CAC enabled websites

.

Bitdefender users can attempt to disable it when needing to use your CAC, if this doesn't work, you may need uninstall the program and find a different Antivirus program

.

New image-Cisco AnyConnect VPN users may need to uninstall a program called Cisco Umbrella Plugin

.

Covenant Eyes can cause issues for some people.  Only fix we could find is to uninstall it.  Please call 877-479-1119, they can help troubleshoot the issue.  One person I spoke with had an outdated version.  Once the new version was installed, it worked again

.

Kaspersky users turn off "Traffic Processing" under "Network Settings"

-Another fix for Kaspersky users is to turn off "Inject script into web traffic to interact with web pages" located under Settings, Additional, Network.  Uncheck Inject script into web traffic to interact with web pages (under Traffic Processing), Select Continue

-Another fix is to change the "Encrypted connections scanning" option to "Do not scan encrypted connections" located under Settings, Additional, Network settings.

.

McAfee can cause issues, but I don't have a solution other than uninstalling it.

.

McAfee Safe Family  Parental Control program has restricted use for some people.  He uninstalled it, and access was gained to CAC enabled sites.

 

-NordVPN Uncheck Web Protection under the Threat Protection section

.

15.  If you have recently purchased an SCR-3500 reader and it has a Part number of 905430-1 (sometimes shows as SCR-3500A) install this updated driver Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open

.

16.  Some of the same "bad certs" that have caused problems for Windows users also show up in the keychain access section on Macs.

 

Note: The DoD Root CA 2 you are removing has the light blue background, leave the yellowish one

    image or image   DoD Interoperability Root CA 1 or CA 2   certificate
    certificate        DoD Root CA 2 or 3  certificate
    image or image   Federal Bridge CA 2016 or 2013  certificate
    image or image   Federal Common Policy CA certificate
certificate or image or image   SHA-1 Federal Root CA G2   certificate
    image or image   US DoD CCEB Interoperability Root CA 1 certificate

 

If you see the listed certificates above, delete them, Once these certificates are deleted, close keychain.  Instructions can be read on the Keychain page

 

17.  If you have encountered any CAC enabled websites that have been working, recently stop working, please try adjusting your DNS.  Some people are receiving an error message similar to this: "The DNS server might be having problems.  Error Code:  INET_E_RESOURCE_NOT_FOUND"

 

- Follow guidance here to change your DNS server.

.

Updated image18. Some websites that were once accessible from any CAC enabled computer are no longer.  This means the below websites are now only accessible from the NIPRnet.
-Army Training Requirements and Resource System (ATRRS) https://atrrs.army.mil
-Assignment Satisfaction Key (ASK) https://www.ask.army.mil/ask
-Global Command Support System-Army(GCSS-Army) https://www.gcss-army.army.mil
-Government Fund Enterprise Business Systems(GFEBS) https://gfebs.army.mil/irk/portal
-Health.mil web based email  (a possible solution is to use this site:  https://avhe.health.mil/), Instructions for this process can be viewed here:  https://thewesslers.com/avhe/ download Citrix App Space from https://citrix.com/download once logged in, select Apps (in top row), type: 
webmail in the search box, then select  WebMail - Edge, it'll download a .ica file, once it runs, it takes a few minutes of stuff happening.  Be patient as it slowly brings up your mail.
-Installation Status Report https://isr.army.mil
-Judge Advocate General Corps Network (JAGCNet) CAC Login https://www.jagcnet.army.mil/Sites/JAGC.nsf
 
-Tour of Duty (MOBCOP) https://mobcop.aoc.army.pentagon.mil

-Enlisted Record Brief (My ERB) https://myerb.ahrs.army.mil/soldierLogin.do
-Reserve Component Manpower System (RCMS) which includes access to: Commander's Strength Management System (CSMM), Electronic Soldier Record Brief (eSRB), Electronic Personnel Actions Tracker (ePAT), & Directors Personnel Readiness Overview (DPRO), and
-Strategic Management System 

This means no CAC access from a home computer.  You'll now need to access these sites from your unit, use your organizations Citrix connection (
Army Reserve), or unit issued computer and use VPN

.

19. If you are unable to sign PDFs once using Mac OS 10.12.x, 10.13.x, 10.14.x, 10.15.x, or 11.x when using the native Smart Card Support.  Please follow guidance here:   https://militarycac.com/esign.htm#Mac_Users:

.

20. If you are being asked for your PIN over and over, or getting errors after entering your PIN, it is possible your CAC may be blocked.  There is a way to verify if this is the issue by downloading and using the Apple authorized Smart Card Utility app:  https://apps.apple.com/us/app/smart-card-utility/id1444710309?mt=12  Please know, it ONLY works for Mac OS 10.14.x, 10.15.x, 11.x, and newer Macs running a 64-bit Intel processor or M1 & M2 processor. IF it shows your card reader name as (LOCKED), you will have to visit an ID card office to get your card unblocked.  https://idco.dmdc.osd.mil/idco  will help you find the nearest one to your location.

.

20b. Utilizing Microsoft Edge may be an option for you to try and is needed when accessing https://webmail.socom.mil.  You can download it here: https://www.microsoft.com/en-us/edge  ONLY works for Mac OS 10.12 and later

.

21. With people being migrated to the Authentication certificate.  You may receive the below image if you attempt to access your webmail using your Email certificate.  Please try the Authentication certificate (Non-Email certificate).

.

image

 

22. Many Navy, Marine, and Air Force Mac users are having problems accessing their email via OWA once getting a new CAC (or when migrated to O365).  I received a message stating this as a fix:  "The solution was to call NMCI Help desk and they authenticated his CAC.  He was then able to log into his webmail again.  So, the solution is to call the NMCI help desk back.

Two other fixes (once account is authenticated to your CAC):

1. Download Microsoft Edge from:  https://www.microsoft.com/en-us/edge

2. Navigate to your particular Office 365 web mail links:  https://o365.usmc.mil   https://webmail.cloud.navy.mil    https://usaf-my.dps.mil  

or

1. Open Safari

2. Click Safari menu, Preferences option, Advanced tab, and check the "Show Develop menu in menu bar", close Preferences

3. Click the Development menu in Safari's menu bar, navigate to "User Agent" and select "Microsoft Edge"

4. Navigate to your particular Office 365 web mail links:  https://o365.usmc.mil   https://webmail.cloud.navy.mil    https://usaf-my.dps.mil  

.

.

23.  If you are having problems unlocking your settings in System Preferences due to it not accepting your administrator password or your CAC seemed to have stopped working after upgrading to Big Sur, please verify if your Mac has a T2 Security Chip.  If your computer does, then reset your SMC (System Management Control) by powering down your computer, then holding the power button for 10 seconds.  Turn your computer on, this just reset your SMC.  This information was found at:  https://support.apple.com/en-us/HT203127.

.

.

24. Macs can try this to be able to read encrypted emails:  https://github.com/af-vcd/mrs-smime 

.

25. If your CAC certs work for awhile, then seem to stop being seen (until you reboot), give this a try (provided to us by a Mac user).  https://github.com/notjames/jimconn-shell/blob/master/bin/reset-smartcard .

.

26.  You are now receiving an "Unhandled Execution Error" message when trying to access your Enterprise Email recently.  You have probably been migrated over to Army365.  Please use this link now:  https://webmail.apps.mil/mail 

-This can also be caused if your email has moved over to @health.mil.  It is not accessible from personal computers (see #18 above for other websites that are blocked) 

or a message about: your "URL was rejected" when trying to access your Enterprise Email recently.  You have probably been migrated to Army365.  Please use this link now:  https://webmail.apps.mil/mail

 

.

If you are a Windows user (or using Windows in a Virtual Machine or Bootcamp), go here for support.  (Please do NOT use the form below for Windows questions).

 

Please provide the correct information asked in the form below.  The intent is to reply to you with correct ideas for you to try.  We may offer incorrect ideas to fix your issue if you provide incorrect information below.

 

PLEASE COMPLETE THIS FORM FOR Mac SUPPORT ONLY

Windows Users go here

Chrome Users go here

Linux Users go here

 

 

 

 

 

 

The current CAC Types are...

(Look at the back of your ID card top left corner for any of these.  If you have any other version, you need to visit an ID card office and get it replaced.  All CACs other than these four were "supposed" to be replaced by 1 October 2012).

A guide to help figure out which CAC you have

Gemalto 144 CAC image GemaltoDLGX4-A 144 image
  Oberthur 5.5 CAC image
Oberthur 5.5a CAC G&D FIPS 201 SCE 3.2 image

      Stop Gap CAC image

 

Which CAC do I have video

Read more about the older CACs and replacing them

back to top

 

Contact us the following ways:

1. Contact form above (Preferred method)
2. CALL / TEXT / Skype / FACETIME  
3. Through remote access to your computer

 

If you have questions or suggestions for this site, contact Michael J. Danberry
Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Sunday, 13 August 2023 19:16 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us