kuujinbo_dot_info

Updated 2011-04-04

For better or worse, I've been employed by the DOD since 2001 (probably should have written this up a long time ago). Many DOD web sites use CAC authentication. A standard desktop configuration sets up the default browser to make everything seemless. The problem with that is the default browser is IE; if you're a normal user no problem, but if you're a developer you know IE is worthless because it doesn't have tools like Firebug and Web Developer.

In most cases it's a two-step process:

  1. Importing DoD Root Certificates
  2. Setting up the CAC Reader driver

Import DoD Root Certificates

Go to the DOD Root CA Certificates page.

CAC Reader Driver

Step 1: From Firefox Menu:

Tools => click "Options..."

Step 2:

Advanced tab => click "Security Devices" button

Step 3:

click "Load" button

Step 4:

Insert whatever descriptive name you think appropriate in the box titled "Module Name" => click "Browse" button

After clicking "Browse" you must find the CAC driver. Choose %WINDIR%\system32\acpkcs211.dll. So after clicking the "Browse" button I selected that file. The successful result is shown in the image in step 3, the "activeclient" entry.

ActivClient 6.2

If you're using this version of ActivClient, (not sure about the minor version number(s)) you may get an error "Unable to load module" when trying to load acpkcs211.dll from the path above. In this case:

  1. If you are on a 32 bit system, choose C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll
  2. If you are on a 64 bit system, choose C:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll

Then all should be well in developer land, even when running Mozilla Firefox, Portable Edition!