Gemalto Smart Card Reader Driver For Mac
Here are the steps on how to install a CAC Reader for Mac:
- Ensure your CAC reader works with Mac
- Check to ensure your Mac accepts the reader
- Check your Mac OS version
- Check your CAC’s version
- Update your DOD certificates
- Guidance for Firefox Users
- Look at graphs to see which CAC enabler to use
Step 1: Purchase a Mac Friendly CAC Reader
Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.
The Virtual Smart Card Architecture provides software to emulate smart cards and a smart card reader. The virtual smart card is internally accessible as a PC/SC reader and externally as a USB CCID reader or through a contactless smart card.
Class 4 smart card readers are not supported. Note: The smart card reader class is unrelated to the USB device class. Smart card readers must be installed with a corresponding device driver on the user device. For information about supported smart card readers, see the documentation for the Citrix Workspace app you are using.
It works well with older versions of Windows (dating back to Windows 7), Mac, and even Linux. What cards can the Gemalto IDBridge CT30 read and write to? The reader can manipulate all ISO 7816-1, 2, 3, 4 microprocessor cards with T=0 and T=1 protocols. For Gemalto .NET cards, the Gemalto Minidriver for .NET Smart Card driver is supported.
Enabling the Username Hint Field in Horizon Client. In some environments, smart card users can use a single smart card certificate to authenticate to multiple user accounts.
The second most common cause is if regtool is not running. This is the icon that appears in the bottom right-hand corner. To ensure this has started correctly, please remove the card from the reader, go to Start > All programs > Gemalto > Gemalto Toolbox and double-click the regtool icon. Re-insert the card and wait 10 seconds.
If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware; however, for the non-tech-savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13.
Best Mac Compatible CAC USB Readers
Best Mac Compatible CAC Desk Readers
Step 2: Plug in and Ensure It’s Accepted
Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.
If for some reason your CAC reader isn’t working, you may need to download the appropriate drivers for your CAC reader. You can find these drivers on the reader manufacturer’s website.
Step 3: Update Your DOD Certificates
Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.
Procedure for Chrome and Safari
- Type ⇧⌘U (Shift + Command + U) to access your Utilities
- Find and Double click “Keychain Access”
- Select “Login” and “All Items”
- Download the following five files and double click each once downloaded so as to install in your Keychain Access.
- When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:
Additional Steps for Firefox
If you’re using Mozilla Firefox as your primary browser, you’re going to need to perform some additional steps. First, perform the same steps that you did for Chrome and Safari. Afterwards, follow these additional steps to get started.
- Download All Certs zip and double click to unzip all 39 files
- While in Firefox, click “Firefox” on the top left, then “Preferences”
- Then Click “Advanced” > “Certificates” > “View Certificates”
- Then Click “Authorities” and then “Import”
- Import each file individually from the “AllCerts” folder. When you do this, the below box will pop up. Check all three boxes and click “OK”.
Step 4: Download and install CAC Enabler
Choosing the right CAC enabler can be pretty tricky. It all depends on what OS you have installed, how you installed it, and even what kind of CAC Card you have!
In order to get the right enabler, be sure to visit our trusty guide to Mac CAC Enablers! It’ll walk you through exactly which enabler is right for you.
CAC Access at Home Success
Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.
Common Reasons Why Your CAC Card Won’t Work On Your Mac
Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimum requirements. Currently, there are only four types of CAC cards that can be used. To ensure you have the right CAC card for online access, flip your CAC card to the back and if you have one of the below numbers written on the top left, then you are good to go:
- G&D FIPS 201 SCE 3.2
- Oberthur ID one 128 v5.5 Dual
- GEMALTO DLGX4-A 144
- GEMALTO TOP DL GX4 144
If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued.
This article is intended for system administrators who set security policy in enterprise environments that require smart card authentication.
macOS includes a modern architecture that supports smart cards. This architecture is based on the CryptoTokenKit framework, which supports authentication, encryption, and signing functions, plus MDM controls for managing smart cards within Enterprise environments. Starting with macOS Catalina, legacy smart card support that uses TokenD will be disabled by default.
Before you upgrade to macOS Catalina
If you want to migrate from legacy TokenD to modern CryptoTokenKit-based smart card services after upgrading to macOS Catalina, follow these steps:
1. Make sure that any third-party apps that you use support CryptoTokenKit.
2. Verify that com.apple.CryptoTokenKit.pivtoken doesn't appear in the output of this Terminal command:
defaults read /Library/Preferences/com.apple.security.smartcard DisabledTokens
If it does, you can remove the PIV token from the DisabledTokens array by deleting the entire array:
defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens
3. If you've installed a driver that relies on TokenD, use the developer's instructions to uninstall it.
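The check in step 2 as a script, added here as an example and not taken from Apple's article. Deleting the DisabledTokens array re-enables every token listed in it, so the script reports which other entries are present before you run the delete command. The sample output and the com.example.tokend.legacy ID are constructed, and list_tokens and assess are names chosen for this example.

```shell
#!/bin/sh
# Added example: inspect DisabledTokens before deleting the whole array.
PLIST=/Library/Preferences/com.apple.security.smartcard
PIV=com.apple.CryptoTokenKit.pivtoken

# Constructed sample of `defaults read` output; the second ID is made up.
SAMPLE='(
    "com.apple.CryptoTokenKit.pivtoken",
    "com.example.tokend.legacy"
)'

# list_tokens: read the array text on stdin, print one token ID per line.
list_tokens() {
    sed -e 's/[(),"]//g' -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' -e '/^$/d'
}

# assess: classify the array text on stdin as PIV_ENABLED,
# PIV_DISABLED_ONLY or PIV_DISABLED_WITH_OTHERS.
assess() {
    tokens=$(list_tokens)
    if ! printf '%s\n' "$tokens" | grep -Fxq "$PIV"; then
        echo PIV_ENABLED
    elif [ "$(printf '%s\n' "$tokens" | grep -Fxvc "$PIV")" -eq 0 ]; then
        echo PIV_DISABLED_ONLY
    else
        echo PIV_DISABLED_WITH_OTHERS
    fi
}

# Query the real preference only where `defaults` exists (macOS).
if command -v defaults >/dev/null 2>&1; then
    # A missing key makes `defaults read` fail; treat it as an empty list.
    out=$(defaults read "$PLIST" DisabledTokens 2>/dev/null || true)
    case $(printf '%s\n' "$out" | assess) in
        PIV_ENABLED) echo "PIV token is not disabled; nothing to delete." ;;
        PIV_DISABLED_ONLY) echo "Only the PIV token is listed; deleting the array affects nothing else." ;;
        PIV_DISABLED_WITH_OTHERS)
            echo "Deleting the array would also re-enable:"
            printf '%s\n' "$out" | list_tokens | grep -Fxv "$PIV" ;;
    esac
fi
```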
If you have any issues using your smart card after upgrading to macOS Catalina, pair the card again. For additional instructions on configuring smart card services, see the macOS Deployment reference and the SmartCardServices(7) man page.