Wednesday, June 27, 2012

Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn't seem to be set up to do it without some adjustment. These are the steps I used to enable smart cards (CAC) in Firefox.

First, you need some kind of client library that provides what Firefox needs. Two options for this are Active Client (standard use by DoD and other government agencies) and OpenSC. I chose OpenSC just because it seems to be fairly light weight and easy to install.

First, download and install OpenSC from it's web site. (http://www.opensc-project.org/opensc/wiki) Installation was fairly brain dead and easy. Unfortunately, it did NOT actually enable Firefox with the smart cards, so I had to use some older, more drastic methods.

I used and older set of instructions as a reference that popped up in Google: http://www.opensc-project.org/opensc/wiki/MozillaSteps. To do this, basically do the following:

  1. Firefox: Tools > Options: Advanced tab
  2. Manage Security Devices
  3. "Load" a new security device
    1. Name as "OpenSC PKCS#11 Module"
    2. Browse to C:\Windows\System32\, choose opensc-pkcs11.dll
  4. Click Ok, Ok, ..., Ok to finish everything
Now, when you access a CAC-required web site, it should pop up a box and ask you to select a smart card certificate. The interface isn't as pretty as either IE or Chrome, but it seems to work.

Update: I've noticed that accessing other SSL sites seems to be slightly broken now, so I'm not sure if this is a problem with OpenSC, or whether something else is going on.

3 comments:

  1. These tips are very simple and useful. Thank you for sharing with us. Keep up the good works.
    Visit my site:- Mozilla Firefox Support


    ReplyDelete
  2. great content..really like this useful information..
    routerlogin.net

    ReplyDelete