After performing these steps, the built in smart card ability should be enabled (it should actually say that in terminal that it was re-enabled).
It is recommended you do the command again after this.no password will be promptedĥ. When prompted for your computer password, know that the cursor will not move, type it in, and hit enter to processĤ.
Here is the update and what fixed it for me.ģa. After performing these steps, the built in smart card ability should be enabled. When prompted for your computer password, know that the cursor will not move, type it in, and hit enter to process.ĥ. I recommend you run this command twice.Ĥ. Sudo defaults write /Library/Preferences/ DisabledTokens -array & sudo defaults write /Library/Preferences/ EnabledTokens -array ģa. Copy the entire command below and paste it into the terminal window (or manually retype it) Open Terminal, by typing Terminal in the spotlight searchģ.
NOTE3: If you have recently updated to Mac OS Catalina (10.15.x), Mac OS Big Sur (11.00.x), or Mac OS Monterrey (12.00.x) you need to re-enable the built in Smart Card ability after removing all installed enablers listed above:Ģ. I simply needed to "re-enable" my built-in Smart Card.
Hope this helps others who upgraded to Monterey because this really shut me down for a bit and even wasting money another CAC. If you prefer to use Firefox, please follow the additional steps below. Scroll down to Step 3 and download all the certs in the red box. CRL) for each certificate.(RESOLVED) I had to go to the Terminal and do the commands it states in this link: - I recall seeing this but it recommends I do it twice….after that and a restart, the certificates popped up. Go to URL: and click on ‘Install for Mac’. All DoD Intermediate Certificates are available for download (one-by-one) from the DoD PKI Management website at (download the Certificate Authority Certificate, not the Certificate Revocation List, i.e. Certificates_PKCS7_v4.1u4_DoD.zip and unclass-irca1_dodroot_ca2.zip, then use the File > Import Certificate option to add the certificates to the "login" keychain. Go to the Cross-Certificate Chaining Issue page to download two zip files (i.e. You need to download and import a few certificates into the "login" keychain, such as DOD ROOT CA 2 (3 certificates total), DOD ROOT CA 3, and any intermediate certificates that issued the certificates on your CAC, which are greater than DOD CA-30 (such as DOD CA-31, DOD EMAIL CA-31, DOD CA-32, DOD EMAIL CA-32, DOD ID CA-33, DOD EMAIL CA-33, DOD ID CA-34, DOD EMAIL CA-34, etc.). Most of the DoD certificates are available if you add the "SystemCACertificates" keychain using the File > Add Keychain option and navigating through the folders to Macintosh HD > System > Library > Keychains. Smartcard Services will work for most CACs and readers, however, if you do not see your CAC keychain in the Keychain Access.app after installing the Smartcard Services package and inserting your CAC in the card reader, then I recommend using another free middleware called Centrify Express.Īside from installing middleware, you need to download and import the DoD Root and Intermediate Certificates in your Keychain Access.
The instructions on IASE will direct you to Smartcard Services (middleware) downloads from Mac OS forge. You will need middleware to use your CAC on OS X. Please refer to this page for specific installation instructions. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. You should refer to the instructions and downloads available from the web pages under Getting Started for End Users (Mac) on DISA's Information Assurance Support Environment (IASE) website. The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. Public Key Enable) the system all over again.
Whenever you upgrade your operating system (OS), you will need to CAC-enable (i.e.