Step 1 - Setting up for Apple | National Geospatial-Intelligence Agency Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NGA Employee CAC Resources

Step 1 - Setting up for Apple

To get started you will need:

1. CAC
2. Card reader

NGA recommends the use of the Catalina OS. You can get started using your CAC by following these basic steps:

1. Get a card reader.
Typically Macs do not come with card readers and therefore an external card reader is necessary. NGA recommends the use of the SCR3310v2 card reader. These are available from the NGA PITD office. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements.

2. Download and install the latest Citrix Workspace application
Navigate to the following site https://www.citrix.com/downloads/workspace-app/mac/workspace-app-for-mac-latest.html and install the Citrix Workspace application.

3. Installing and Importing the DoD Root Certificates

  1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
  2. In the Keychain Access window, select the Login keychain on the left hand side.
  3. Download and unzip the PKCS 7 bundle for DoD.
  4. From Keychain Access.app:
    1. Select File > Import Items.
    2. Navigate to the unzipped PKCS7 certificates folder.
    3. Select DoD_PKE_CA_chain.pem and select Open. Enter your password if prompted.

4. Trusting the DoD Root Certificates

  1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
  2. Ensure you have the login Keychain (upper left) selected, and in Category (below) select certificates.
  3. You should see a list of certificates that start with DoD, all the certificates with red Xs will need to be manually trusted. 
  4. Double click any certificate that has a red X and expand the Trust menu and change When using this certificate to Always Trust.
  5. Click the red X in upper left to close, this will prompt you for your password. Repeat these for ALL the certs with red Xs.                                                                                                     
     

If you are having trouble with these steps, please contact the Enterprise Service Center.