NOTE: I’m a retired government employee now with no CAC card. I believe this blog may be somewhat outdated but I’ll keep it up and any readers should view the comments for updated configuration details. Many thanks to those of you now minding the store!
So, you are a government employee AND a Linux geek. Join the club. It is possible to use your smart card to access DOD CAC Card enabled sites. A must do project for the Linux geek in you.
I’m doing this with an IOGEAR GSR202 and it will work with a lot of other CAC Card readers as well. Also I’m using Ubuntu 18.04
First of all the information is taken from this excellent website. While almost perfect there are a few minor issues that could foul a fella up. I seek to clarify those here.
First lets download the Certs for your browser. They also come from the page I have linked above (MilitaryCAC.com). Download here. Hold tight. We’ll get back to them.
Now we need to install some programs called pcscd and coolkey. The easiest way to do this and grab dependencies is with Synaptic. If you don’t have it, install it.
sudo apt-get install synaptic
Now open it as super user once it is installed.
In the search field type “pcsc” Everything that installs with it should have a check mark in it or green if it is already installed. Just for fun I put a check in pcsc tools as well. Then hit apply to install.
Now do the same for Coolkey. It will tell you to add the two dependencies listed below it. Do that and hit apply to install.
Now open Firefox and go to “Preferences > Privacy And Security” and Click “View Certificates” Click the “Import” button and individually import each of those Certs you downloaded at the beginning of this. Click both “Trust” boxes before you import for each one. I’m not sure you have to click both boxes for all of them but it is the safe play. Have fun. This will take a while.
Once all the Certs are imported (I know you hated that part) now click on the box in the pic above that says “Security Devices”. We now need to load the Coolkey module. Click the “Load” button in the pic below.
Now name your Module DODCAC or something like that and set the path to /usr/lib/pkcs11 and select coolkeypk11.so and then hit okay.
You should now be able to visit CAC Card enabled sites on FIREFOX browser only at this point.