Skip to main content
U.S. flag

An official website of the United States government

Official websites use .mil
A .mil website belongs to an official U.S. Department of Defense organization.

Secure .mil websites use HTTPS
A lock () or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NGA Employee CAC Resources

Step 1 - Setting up for Apple

To get started you will need:

1. CAC
2. Card reader

NGA recommends the use of the Catalina OS. You can get started using your CAC by following these basic steps:

1. Get a card reader.
Typically Macs do not come with card readers and therefore an external card reader is necessary. NGA recommends the use of the SCR3310v2 card reader. These are available from the NGA PITD office. In addition, please review the DoD CAC Reader Specifications  for more information regarding card reader requirements.

2. Download and install the latest Citrix Workspace application
Navigate to the following site https://www.citrix.com/downloads/workspace-app/mac/workspace-app-for-mac-latest.html  and install the Citrix Workspace application.

3. Installing and Importing the DoD Root Certificates

  1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
  2. In the Keychain Access window, select the Login keychain on the left hand side.
  3. Download and unzip the PKCS 7 bundle for DoD.
  4. From Keychain Access.app:
    1. Select File > Import Items.
    2. Navigate to the unzipped PKCS7 certificates folder.
    3. Select DoD_PKE_CA_chain.pem and select Open. Enter your password if prompted.

4. Trusting the DoD Root Certificates

  1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
  2. Ensure you have the login Keychain (upper left) selected, and in Category (below) select certificates.
  3. You should see a list of certificates that start with DoD, all the certificates with red Xs will need to be manually trusted. 
  4. Double click any certificate that has a red X and expand the Trust menu and change When using this certificate to Always Trust.
  5. Click the red X in upper left to close, this will prompt you for your password. Repeat these for ALL the certs with red Xs.                                                                                                     
     

Need Assistance?

If you are having trouble with these steps, please contact the Enterprise Service Center.