Step 1 - Setting up for Apple | National Geospatial-Intelligence Agency Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NGA Employee CAC Resources

Step 1 - Setting up for Apple

To get started you will need:

  1. CAC
  2. Card reader

 

You can get started using your CAC on your Mac OS X system by following these basic steps:

 

  1. Get a card reader.
    Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements.

  2. Download and install the OS X Smartcard Services package
    The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions.

  3. Address the cross-certificate chaining Issue
    These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. This can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites.

  4. Configure Chrome and Safari, if necessary
    Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.
    1. In Finder, navigate to Go > Utilities and launch KeychainAccess.app
    2. Verify that your CAC certificates are recognized and displayed in Keychain Access
An image depicting how Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.
An image depicting how Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.

Note: CACs are currently made of different kinds of card stock. To determine what card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package, however Oberthur ID One 128 v5.5 CACs are not. Third party middleware is available that will support these CACS; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card.

Support

Recommended CAC reader hardware:

  • SCR3310v2.0
  • uTrust SmartFold SCR3500
  • OMNIKEY 312
  • OMNIKEY 3021
  • F1DN005U
  • F1DN008U

If you are having trouble with these steps, please email CSR (Operation Hours: 0600-1700 EST).

Email CSR