- 19 October 2011: InstallRoot 3.15A was released, download latest DoD certificates from DoD certs page.
- 9 October 2011: Recorded new video showing how to update firmware on SCR-331 reader using LPS.
- 4 October 2011: ActivClient 6.2.0.128 released and posted.
- 2 October 2011: Number of visitors in 2011 passed 500,000 visitors.

Download the latest DoD root certificates here: DoD RootCerts file (CAC required). Open the Keychain Access application if it's not already running. Drag certificates in the folder to the login section of the Keychain Access.
Keychain Access User Guide
A certificate file can be shared between computers. You can add certificates to your keychain for quick access to secure websites and other resources.
- On your Mac, drag the certificate file onto the Keychain Access icon or double-click the certificate file.
- To view the contents of the certificate before you add it, click Show Certificates in the dialog, then click OK when you’re done.
- If you’re asked to provide a name and password, type the name and password for an administrator user on this computer.
See also: Import and export keychain items using Keychain Access on Mac
There is a lot of information out in the wild about how you can get your CAC to work on your Mac, and all the certificates you need to have installed in your Keychain in order to do so. My goal in this forum entry is to clarify and help you understand what it is you're doing with these certificates and why.

NOTE: If you wish to start with a Keychain free of any DOD certificates, search your login and system keychains for any DOD Root, DOD ID, DOD ID SW, and DOD EMAIL certificates, then delete them.
The Mac OS relies heavily on the information you put in the Keychain. When you're installing the various DOD certificates into the Keychain, you're essentially telling the Mac OS how it should handle the certificate and any certificates issued by that server. Of the various DOD certs, the most important will be the DOD Root certs. A root certificate is the top-most certificate of the tree, which means all other certificates further down the tree depend on the trustworthiness of the root. As long as you have the correct DOD Root CA certs installed, trusted, and don't have any duplicates, the rest of the various DOD certs shouldn't show any issues of validation in your Keychain. This has become even more important since macOS High Sierra was released. I have seen situations where users do not get prompted to select a certificate or enter their PIN, or only see a 'com.apple.idms....' certificate in the selection window. My best conclusion is that the Keychain is unable to determine the validity of the CAC certificates, and therefore does not allow you to select them for authentication.
Now let's get started by adding the DoD Root CA certs into your Keychain. Use the following links to download the certificates, and then drag them into your 'System' Keychain:
https://militarycac.com/maccerts/RootCert2.cer
http://militarycac.com/maccerts/RootCert3.cer
http://militarycac.com/maccerts/RootCert5.cer
Once they are in your Keychain, they will most likely have a red x next to them. Open each certificate individually, tap the arrow next to the Trust Settings, click the first drop down menu and select Always Trust, then close the window and enter your Mac password when prompted. If you have any DOD Root CA certificates with blue around the border of the certificate icon, delete those as well. Once you have done this to all of your DOD Root certs, they should look like this:
- Screenshot: DOD Root Certs
- Screenshot: Trusted Intermediate
- Screenshot: DOD Certs
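The post above depends on having the correct root certs and no duplicates. As an added example (not part of the original post), this sketch compares the SHA-256 fingerprint of each downloaded `.cer` file with a value obtained out of band and flags duplicate copies, before anything is set to Always Trust. The file names, certificate bytes and pins are constructed placeholders, not real DoD values.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """A .cer file may hold DER or PEM; return the DER bytes either way."""
    m = PEM_RE.search(data)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(to_der(data)).hexdigest()

def normalize(fp: str) -> str:
    """Drop spaces, colons and case so published values compare cleanly."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def check_downloads(files: dict, pinned: dict) -> dict:
    """Map each file name to 'ok', 'mismatch', 'unpinned' or 'duplicate of <name>'."""
    seen, report = {}, {}
    for name, data in files.items():
        fp = fingerprint(data)
        if fp in seen:  # same certificate already present under another name
            report[name] = "duplicate of " + seen[fp]
            continue
        seen[fp] = name
        pin = pinned.get(name)
        report[name] = ("unpinned" if pin is None else
                        "ok" if normalize(pin) == fp else "mismatch")
    return report

# Constructed stand-in bytes, NOT real DoD certificates.
DER_A = b"\x30\x82\x00\x10constructed-root-A"
DER_B = b"\x30\x82\x00\x10constructed-root-B"
PEM_A = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(DER_A)
         + b"-----END CERTIFICATE-----\n")
SAMPLE_FILES = {
    "RootA.cer": DER_A,
    "RootA-copy.cer": PEM_A,            # same certificate, PEM encoded
    "RootB.cer": DER_B + b"tampered",   # altered after the pin was published
    "RootC.cer": b"\x30\x82\x00\x10constructed-root-C",  # no pin available
}
# Placeholder pins; in practice they come from a source you already trust.
SAMPLE_PINS = {"RootA.cer": ":".join(re.findall("..", fingerprint(DER_A))).upper(),
               "RootB.cer": fingerprint(DER_B)}
if __name__ == "__main__":
    print(check_downloads(SAMPLE_FILES, SAMPLE_PINS))
```

Only files reported as `ok` are candidates for Always Trust; a `mismatch` or `unpinned` result means the fingerprint still has to be confirmed through another channel.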