DOD CAC Card on Ubuntu Linux

So, you are a government employee AND a Linux geek.  Join the club.  It is possible to use your smart card to access DOD CAC Card enabled sites.   A must do project for the Linux geek in you.

 

I’m doing this with an IOGEAR GSR202 and it will work with a lot of other CAC Card readers as well.  Also I’m using Ubuntu 18.04

First of all the information is taken from this excellent website.  While almost perfect there are a few minor issues that could foul a fella up.  I seek to clarify those here.

First lets download the Certs for your browser.  They also come from the page I have linked above (MilitaryCAC.com).  Download here.  Hold tight.  We’ll get back to them.

Now we need to install some programs called pcscd and coolkey.  The easiest way to do this and grab dependencies is with Synaptic.  If you don’t have it, install it.

sudo apt-get install synaptic

Now open it as super user once it is installed.

sudo synaptic

In the search field type “pcsc”  Everything that installs with it should have a check mark in it or green if it is already installed. Just for fun I put a check in pcsc tools as well.   Then hit apply to install.

Now do the same for Coolkey.  It will tell you to add the two dependencies listed below it.  Do that and hit apply to install.

Now open Firefox and go to “Preferences > Privacy And Security” and Click “View Certificates”  Click the “Import” button and individually import each of those Certs you downloaded at the beginning of this.  Click both “Trust” boxes before you import for each one.  I’m not sure you have to click both boxes for all of them but it is the safe play.  Have fun.  This will take a while.

Once all the Certs are imported (I know you hated that part) now click on the box in the pic above that says “Security Devices”.  We now need to load the Coolkey module.  Click the “Load” button in the pic below.

Now name your Module DODCAC or something like that and set the path to /usr/lib/pkcs11 and select coolkeypk11.so and then hit okay.

You should now be able to visit CAC Card enabled sites on FIREFOX browser only at this point.

13 thoughts on “DOD CAC Card on Ubuntu Linux

  1. James Grow

    I attempted to import the certificates. However, I received the following error each time:

    “This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.”

    I used both the link you provided and the Military CAC specific link, but neither worked. Any help in getting this resolved would be appreciated.

    Reply
  2. Harry Pits

    When I go to add coolkey to the security devices I get a warning stating “unable to load module”. Downloaded all the necessary packages, have the latest version of firefox, and the package is in the correct directory. Help please?

    Reply
    1. TJ

      I had this issue too. I uninstalled all of the packages, mentioned, rebooted, and re-installed everything. I did not install “pcsc-tools” this time around. After reinstalling the packages, firefox accepted the coolkeypk11.so file and loaded the module. Hope this helps!

      Reply
  3. Ricky Cartner

    Wow, I’ve CAC enabled a few linux machines and followed at least 4 different instructions and this was by far the easiest to follow. MilitaryCAC has great information but as you said, is sometime difficult to follow. Screenshots were a plus along with the used of the Synaptic GUI.

    Reply
    1. Vovchyk

      Oh, nevermind. I was using my email cert instead of my signing cert. Works now. Great instructions, thanks! This is actually worlds easier than it ever was on my Mac.

      Reply
  4. MikeD

    Thanks so much for the great walkthrough. Got this going in 2 minutes plus the time to load the certs 🙂
    I really appreciate it and looking forward to reading more on your blog. Seems like we have similar interests.

    Reply
  5. melonstube

    Site contains CACkey in order to allow Firefox to access teh CAC through the reader (Please remember this link needs to be accessed from an already CAC enabled computer)

    Reply
  6. Todd Bissell

    FYI: the module in question is now named “/usr/lib/pkcs11/libcoolkeypk11.so”.

    Great article, thanks for posting this!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *