APPLE MACINTOSH COMPUTER SUPPORT PAGE for LION (currently 10.7.3)
Lion [10.7.x] does NOT have the built in Smart Card ability (like Leopard and Snow Leopard had). However, we have found 8 different options for you to use your CAC on your Mac.
1. Copy 2 files (Does NOT work with the Oberthur ID One 128 v5.5 or 5.2a CACs)
2. Purchase, install, and use PKard (works with All CACs) (Recommended method due to its ease of use and support from the vendor)
3. Download the Smart Card Services Update v2.0b1 (Does NOT work with the Oberthur ID One 128 v5.5 or 5.2a CACs)
4. Install and use OpenSC (works with All CACs)
5. Follow the guidance below (Does NOT work with the Oberthur ID One 128 v5.5 or v5.2a CACs)
6. Use Charismathics CSSi PIV for Mac OS X (works with all CACs)
7. Use LPS (works with All CACs)
8. Use CACkey (works with All CACs AND Firefox)
You will have to install Windows in a virtual environment to be able to use Lotus Forms and ApproveIt. NOTE: Your computer must have an Intel processor. IF the lack of Lotus Forms and ApproveIt for Mac "bothers" you, I recommend you contact the Army Publishing Directorate and let them know your thoughts.
Gemalto TOP DL GX4 144 cardholders can download the Smart Card Services Update v2.0b1 file from Mac OS FORGE.org (there is NO support provided for this open source software). Restart your computer, and try it again. If it still doesn't work, try the instructions below or purchase and install PKard.
Oberthur ID One 128 v5.5 Dual & 5.2a cardholders may need to purchase PKard as this is the only way we've been able to find to support your particular CAC. You may also take the risk of using the [no support] (open source) OpenSC, CACkey, or Charismathics Smart Security Interface (CSSI-PIV) programs.
PKard is the only solution [with support] for all CACs, and specifically if you have an Oberthur ID One 128 v5.5 Dual or 5.2a CAC. Purchase it from Thursby Software or TX Systems (PKard demo). You may also take the risk of using the [no support] (open source) OpenSC, CACkey, or Charismathics Smart Security Interface (CSSI-PIV) programs.
How to make a web server think you're using Internet Explorer.
How to configure Firefox on your Lion Mac video (using CAC key)
You can download the dod_configuration-1.3.3.xpi Firefox installation file from Forge.mil (but you may not need it)
The following information is provided for your situational awareness while setting up the utilization of your CAC on your Mac. It is updated as additional information is available and your input is appreciated for solutions not outlined here. Installation instructions can be found below.

ActivClient is a middleware program used by the DoD to facilitate the cross talk between Windows computers and your Common Access Card. It was offered for the “Tiger” release (Mac OS X 10.4.X) and is not compatible with Lion (the current release of Mac OS X (10.7.x)). The program is available for purchase through the manufacturer, and is not available for download from DoD. The use of this program is not supported here for Apple operating systems, as it is not required and won't work with Lion (10.7.x).

Lotus Forms is currently only available for Windows. You will have to install Windows in a virtual environment (read below) or use Apple's native Boot Camp to be able to use Lotus Forms and ApproveIt. NOTE: Your computer must have an Intel processor. An older version of PureEdge [with a few tweaks] is available here for your Mac. So, IF you only need to complete a form (and NOT sign it) give it a try.

Windows on your Mac: (You MUST have an Intel processor, it will NOT work with a PPC processor): While you have made a conscious decision to “be a Mac,” the Government has not, and therefore the easiest solution for some problems, such as: Digitally signing forms with Lotus Forms and ApproveIt, some websites (including digitally signing / encrypting emails in OWA), is to use Windows through a Virtual Machine, such as Parallels Desktop (PDF), VMware Fusion (Parallels vs. VMware comparison), or VirtualBox or through Apple’s native Boot Camp. This will require you to have a legal copy of Microsoft Windows. With these programs, you can install the ActivClient, Lotus Forms, and ApproveIt software and also utilize all the DoD tools from your Mac.
The benefit of the Virtual Machines over Boot Camp is that it will allow you to run Windows as an additional program (without restarting your computer) and keep OS X running the entire time.

NOTE: If your CAC reader is not being recognized by your virtual Windows, follow this guidance:
VMware Fusion: From the menu bar, select Virtual Machine, then USB. Find your CAC reader and select it.
Parallels Desktop - (In Coherent mode): Click the red parallel lines in the menu bar, select Devices, USB, find your CAC reader and select it.
VirtualBox: Click the USB icon in the bottom of your screen, select your CAC reader.
Parallels Desktop - (Not in Coherent mode): Simply plug your reader into the computer and select whether you want to use it in Mac or Windows.
DTS (Defense Travel System) has been upgraded to a Java web applet instead of the proprietary [Windows only] DBSign. This should allow you to use DTS from your Mac. I had to install the Missing Plug-in (Java) when it sat at the Loading Applet... screen.
NOTE: If you get a blank page after successfully logging into DTS trying to navigate to your Authorizations or Vouchers, click the word Safari, uncheck Block Pop-Up windows.
NOTE for 64 bit Macs: You may need to run Safari in 32 bit mode vs. 64 bit. Here's how: Go to Applications in Finder, right click get info on Safari. Check the box Open in 32bit mode, then launch Safari.
DCO (Defense Connect Online) works with your Lion Mac since the servers have been updated. Make sure you select the check box to Allow all applets from "www.dco.dod.mil" with this signature and select Allow. You "should" now see a Java based screen with logon / password, or CAC PIN. Select the CAC PIN option.
CAC Readers: With a variety of CAC readers available today there are also a variety of issues. The SCR series of CAC readers work very well. The SCR-331 reader may need a Firmware Update. See several different models of USB CAC readers here. You will see a small note on some of the readers to show you how to make them compatible with your Mac. Here is a web page that lists all known CAC readers and whether they are supported, should work, or unsupported with the Mac OS'.
HQDA Citrix access information for your Mac: How to guide.

Outlook Web Access / Apps (OWA): The use of OWA on Mac currently has a known issue with time outs. Beware that when using OWA on your Mac, if you are inactive on the primary window, e.g. the inbox, while replying to an email, your browser may time out. On a Windows computer the ActivClient software maintains communications with the server and re-requests validation of your credentials. On a Mac this is not so: Safari will respond to a direct request for validation of your credentials, however it will not re-request that you verify as the server requires. Be sure that prior to selecting the Send button you copy your work to the clipboard, as you will most likely have to restart Safari and log back in. You also will not be able to digitally sign / encrypt / decrypt emails since the S/MIME software doesn't exist for a Mac.
Internet Explorer Emulation: If you visit a website with your Mac that states it can only be accessed via Internet Explorer, or some web pages simply won't work while using your CAC with Safari, please try this: Make sure your Mac is updated (like steps 1 & 2 below). Open Safari, Click on the word Safari (in the bar at the top), select Preferences..., Advanced, click the Show Develop menu in menu bar box. Close Advanced screen. Now when you need to emulate IE, click on the word Develop (at the top), click User Agent, then select Internet Explorer 7 or 8. This was received from the Air Force IMA JAGs.
Air Force Users look here for some helpful information
Navy Users look here for some specific information
Setting up your CAC for use on your Lion (10.7.x) Mac:
Step 1: Click the Apple Icon and select "Software Update..." to update your system. (10.7.3 is the current version of Lion)
Step 2: Once your computer is updated, plug in your CAC Reader to an available USB Port
Step 3: Click the Apple Icon again and select "About This Mac"
Step 4: Click "More Info..." (button)
Step 5: Click "System Report..." (button)
Step 6: Under the "Hardware" Category select "USB." On the right side of the screen the window will display all hardware plugged into the USB ports on your Mac. Look for the words “Smart Card Reader.” If the Smart Card reader is present, it is installed on your system, and no further hardware changes are required, e.g. additional drivers / Firmware upgrades. You can now Quit System Profiler. NOTE: Please look at the Version: If you are using an SCR-331 Reader with version 5.25, it should work fine. If it is below 5.25, please update your firmware.
NOTE: For OWA users, you may need to hit cancel when it prompts for your PIN initially, then on the next screen, select the Email certificate.
Setup your CAC on your Mac OS X Lion (10.7.x) WITHOUT PKard
NOTE: Oberthur ID One 128 v5.5 Dual & V5.2a Dual CAC holders go here and follow this guidance (DO NOT follow guidance below, because it will NOT work for you)
Use this package to automatically copy and move the below mentioned files to the correct location. Provided by "JAX." Once you run this file, click here to continue. You may need to restart your computer.
You can also do it manually by following these instructions:
Download these two files to your computer: CAC.tokend & CACNG.tokend
Once downloaded, click on the download arrow in the upper right corner of your Safari browser
Right click each of the two files: CACNG.tokend & CAC.tokend and select Show in Finder
From the Downloads / Finder folder, drag the files to: <your hard drive> / System / Library / Security / tokend / NOTE: (IF the "tokend" folder is not there, create it by Right clicking and selecting New Folder, or for a one button mouse, select <ctrl> then click your mouse button).
NOTE: You may receive a message [like below], you'll need to select "Authenticate" and enter your computer administrator password to move these files.
Now verify it worked by visiting Keychain Access. Here's how: Click Go (in the taskbar at the top of the screen), Utilities, Keychain Access.app
NOTE: If you don't see Go, click the finder
You "should" see CAC...###-### under Keychains, you may also see your last name with your EDI-PI after it, or PIV II (it depends on which program you are using to communicate with your CAC).
You "should" be able to go to your CAC enabled websites (just like you did in Snow Leopard) (A restart of your computer "may" be necessary)
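A way to check the reader and the copied files from Terminal instead of the GUI, as an added example that is not part of the original page. The USB report text is a constructed sample, the function names and the ROOT parameter are assumptions made for illustration, and the world-writable test is an added check the page itself does not ask for.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the manual steps above.

# Constructed sample of USB report text; on a real Mac, pipe in the output of
#   system_profiler SPUSBDataType
SAMPLE_USB='USB Bus:
    Hub:
      Product ID: 0x2514
      Version: 0.b3
    SCRx31 USB Smart Card Reader:
      Product ID: 0xe001
      Version: 5.18'

# Print the Version of the first device whose name contains "Smart Card Reader".
# Device name lines end in ":"; returns 1 if no reader (or no version) is found.
reader_version() {
    awk '
        /:[ \t]*$/ { in_reader = ($0 ~ /Smart Card Reader/); next }
        in_reader && $1 == "Version:" { print $2; ok = 1; exit }
        END { exit !ok }
    '
}

# Succeed if firmware "major.minor" is at least 5.25 (the page's SCR-331 minimum).
firmware_ok() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 25 ]; }
}

# check_tokend ROOT: both bundles must exist under ROOT/System/Library/Security/tokend
# and contain nothing world-writable. ROOT is "" on a real system; the parameter
# exists only so the check can be exercised against a scratch directory.
check_tokend() {
    dir="$1/System/Library/Security/tokend"
    rc=0
    for bundle in CAC.tokend CACNG.tokend; do
        if [ ! -e "$dir/$bundle" ]; then
            echo "missing: $dir/$bundle"; rc=1
        elif [ -n "$(find "$dir/$bundle" ! -type l -perm -0002)" ]; then
            echo "world-writable content in: $dir/$bundle"; rc=1
        fi
    done
    return "$rc"
}
```

On the Mac itself, run `system_profiler SPUSBDataType | reader_version` and `check_tokend ""`; the 5.25 comparison only applies to the SCR-331 reader.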
If you have questions or suggestions for this site, contact Michael J. Danberry.
Are you interested in subscribing to the CACNews email list?