If you are in the US Military, you should be a little upset on how little the DOD supports Linux systems. It has taken me a while to figure out how to use my CAC Card on my Ubuntu 11.04 system with Firefox 4 but I have finally got it to work. In this post, I will explain how to make it work (Ubuntu 11.04 x86_64).
You will need:
- Smart Card Reader (SCR3310 is the one I use).
- Your DOD CAC Card with PIN and Certificates installed.
- Your system must recognize your Smart Card Reader (instructions follows).
> sudo apt-get install libnss3-tools autoconf automake autotools-dev libccid pcscd pcsc-tools libpcsc-perl coolkey sun-java6-jre sun-java6-plugin
> pcsc_scan
$ pcsc_scan PC/SC device scanner V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr> Compiled with PC/SC lite version: 1.5.5 Scanning present readers... 0: SCM SCR 355 [CCID Interface] 00 00 Tue Sep 6 18:06:04 2011 Reader 0: SCM SCR 355 [CCID Interface] 00 00 Card state: Card removed,
If you receive something else, your reader is not being recognize. Updating the firmware from the manufacturer’s website should be the best option.
Let’s assume your reader was recognized. While the previous terminal window is open, insert your CAC Card and the terminal output should update to something similar to this:
Data: B0 XX 11 XX D6 Tag: 8, len: 3 (status indicator) LCS (life card cycle): 00 (No information given) SW: 9000 (Normal processing.) Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): XX 7D 96 XX 00 80 31 80 65 XX 83 11 17 XX 83 XX XX XX DoD CAC card issued Jan XX, ####
If your terminal displays something similar, then your CAC Card is working perfectly. So far, we achieved complete support from the system to allow use of CAC Cards. The next step will be to configure your browser. Sadly, Chrome does not support the use of one of the modules needed for CAC Support. The only one I have tried and verified is Firefox 4 or higher (I used Firefox 6.0.1). Now, this is how you would configure Firefox. (Note: Ensure you close your Terminal window and your CAC Card is inserted into the reader.)
You are done! Try logging in to AKO and the Log-in with CAC option.
Note: Does not work with Firefox 5+.
Firefox keeps crashing. Any ideas…Ive had this happen a couple of times and would love to get this working (I despise windows)
Insert card and then start Firefox. I you have Firefox open and then insert the CAC, it will crash every time. Inconvenient? Yes it is.
Thanks … works like a charm. Any ideas for lotus and DTS
D Folk,
I have a how-to somewhere on my hard drive on How to get your Pure Edge to work. It is the only one known to work with Wine. Check on Friday and I will have it posted on the website.
Chris, make sure that the architecture (32bit or 64bit) for the operating system, firefox, and pkcs11 modules are the same. I had similar issues when trying to use the libcoolkey.so from the /usr/lib32/ directory. Just to be safe, install all the Updates from the Update Manager GUI before proceeding. If you need extra help, let me know.
D Folk, I posted how to get pure edge to work.
Cannot get it to digitally sign Puredge or sign into DTS….any suggestions?
it works fine for me. Use Firefox as it is the only browser who supports Smart Cards currently (that I know). Once you setup Firefox to be able to use Smart Cards, you can launch the DTS website. After a few prompts to run Java applet, it will ask you to configure your pkcs11 module. Using the same module we used for Firefox (/usr/lib/pkcs11/libcoolkeypk11.so), locate it using the browse button. If you want, type in the CAC password in the field provided and it will work.
As soon as I put my CAC in, Firefox crashes.
Firefox will always crash when removing or inserting your CAC Card. I haven’t found a solution for this error. Suggestions: Place your CAC Card in the reader before launching Firefox.
I have a fresh load of 11.04, have ensured all updates are current, and both the CAC reader and CAC card are installed. However, everytime I start Firefox, it crashes. Then when I try to restart it, it hangs. The CAC card is in the reader prior to starting Firefox as per your direction above. Any additional tips would be much appreciated.
I have tried to have my card inserted before starting firfox or during firefox, it will crash every time. I have tried 3 different readers and double checked the instructions above. it will see any of the 3 readers but, if i put the card into any reader i get nothing but crashes or a no start.
Ian, I also am having some issues. For one, I also have problems with firefox crashing even with cac card in before launching firefox. I am using firefox 8. And I ran pcsc_scan, and everything seems to work. It recognizes the card reader and it does detect my card, but says my card is not in the database. Is there something I can do about that, or is that an issue? I really want to get this working on my linux laptop. I don’t want to go back to windows just for logging into AKO. I’m currently using Ubuntu 11.10.
I think the module that reads the CAC card to interact with Firefox is not supported by the latest version of Firefox. If you can install Firefox 4 on your system just for AKO, it should work.
Every time I try to follow the instructions and make the security changes to firefox, it crashes. I am using ubuntu 11.10 and firefox 8.0 Any ideas?
I haven’t been able to get Firefox to work with ccaccard ever since Firefox 5
Ian,
You have done a great service for us servicemembers who can’t stand windows. I appreciate you efforts very much. I went through this process a couple of years ago (without the help of this site) and was successful after much cursing. I never could get ubuntu to support digitally signing pure edge forms. I’ll use you info here to get my newest ubuntu machine working with my CAC. Many Thanks.
We need to put together a concerted effort to provide linux support to servicemembers.
Terry
Any suggestions on a work around for Android tablets? I have been digging through documentation and SCR driver source code for days trying to figure out how to get Android to recognize a cac reader. I am beginning to think installing Ubuntu 11.04 on a rooted Android and VNC’ing into it may be the easiest way…. It sure would be nice to get a reader working natively wth an Android tablet (Transformer Prime) though.
Any suggestions?