10-27-2014 05:47 PM - last edited 12-21-2015 01:56 AM
I am running Mavericks OSX 10.9.5 (haven't upgraded to Yosemite yet) and have installed the Centrify Smart Card Assistant. I have a CAC reader that works and my machine recognizes it. I was having trouble getting Safari to allow me to login into my Navy email site. I was coached to download Smart Card Services Releases v2.0.1 for Mavericks. I feel like as soon as I downloaded and installed that file, it took me several steps back because before I did this, when i was in Keychain and clicked on the CAC, then My Certificates, it showed my certificates. I would try to login using Safari and it would bring up the box for me to enter my CAC pin, but I was not able to login. But it seemed like I was very close to getting in.
However, after installing Smart Card Services Releases v2.0.1 for Mavericks, My certificates do not show up when I click on the CAC in Keychain, and if I try to go to the navy.mil email site, it never even brings up the box where I can try to enter my CAC pin, just always gives Error code 500 - Internal Server Error.
I am at a loss and really would like to be able to check email from home. I am also wondering if my CAC in Keychain should be listed as cac-0000-0000-0000-0001-0000. I could be wrong, but I feel like before installing the Smart Card Services, my CAC would show up as something that didn't involve so many zeros.
Thanks for any help,
Solved! Go to Solution.
10-28-2014 07:21 AM
It sounds like the system is not using the correct "drivers" to detect your smartcard anymore, so let's getting everything back to a recognisable base level first:
- Unplug any smart cards and readers from your Mac
- Open the Centrify Smart Card Assistant Utility
- Press the Uninstall button to remove any Centrify bits off the system through the standard method
- Navigate to this folder and move or delete any remaining tokend files here:
/System/Library/Security/tokend/ (for OS X 10.10 and below)
/Library/Security/tokend/ (for OS X 10.11 and above)
- Use the following link to make sure you don't have any other smart card software installed that may be interfering with things:
- Run the following command to remove any potentially cached smart card objects from the system as well:
sudo rm -rf /var/db/TokenCache/tokens/*
Note: I would recommend double-checking through all of these steps - even if you think have done them before.
- Once your system is cleaned out. Check that your CAC reader is also updated to the latest firmware available:
- Download and install Express for Smart Card:
- Make sure you have the DOD certificates imported into the Keychain: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...
To use the ones that come packaged with OS X, use the steps under:
- "Loading DOD intermediate certificates into the keychain"
To download them directly from the DOD PKI Management site, use the steps under:
- "Downloading certificates from the DoD PKI Management site"
- Insert your smart card into the Mac and check in Keychain Access, the card should now appear correctly in there again.
- Try opening your target website in Safari, if it still doesn't work, check with an alternative browser and let us know how it goes.
Hope that helps and kind regards,
12-09-2014 11:32 AM
Dear Centrify -
I just got a Mac. Initially I could log into Army AKO and Enterprise email with my CAC. Then I was messing around in Keychain Access and I think I deleted something I shouldn't have. I tried all of the steps in your message and now my CAC card doesn't appear in the Keychain access. Please help!!
12-09-2014 11:49 AM
If the CAC card doesn't appear in your Keychain at all, then it means the tokends (smart card drivers) were not installed correctly.
Please make absolutely sure you've gone through every step in both Cleanup and Reinstall procedures in the accepted post above and you should at least get the card appearing in the Keychain again.
This means hitting every step in the militarycac.com webpage as well to make sure there are no remnant drivers, then make sure the Keychain is added and updated and the Centrify software is fully re-downloaded and re-installed.
12-09-2014 11:58 AM
Before I received your reply, I restarted my computer and checked Keychain access again. This time it shows up but similar to Scott, I don't think it shows as the same thing anymore. It's listed under "Keychains" as CACNG-5f14a888485............(and so on).
When I tried to log onto AKO (https://login.us.army.mil) I can select my CAC, input my Keychain password (which I assume is my CAC PIN), and I then receive a gray screen that says: "Safari can't open the page ... because Safari can't establish a secure connection to the server 'certificate.us.army.mil."
Is the solution to still to do the cleanup and reinstall again?
12-09-2014 12:06 PM
If you're using an older version of Express for Smart Card, then it's possible you may have run into the Dual-ID card problem described here:
If you're using the latest version of Express though, then almost definitely the Mac is using the wrong tokend for your card. In which case the solution is to do the cleanup and reinstall.
Hope that helps!
12-31-2014 01:47 PM
I have spent hours trying to get my CAC reader to work on my MacBook. I have an Oberthur v5.5 Dual. I am using the SCR-3500. I did all of your steps including cleanup and reinstall. I used MilitaryCac's resources to make sure I had no conflicting programs causing issues. It was previously showing my CAC Card in the keychain access, but now, it's not even showing up. It lights up for about 3 seconds, then it turns off. Do you have any solutions? I've read almost every forum and I can't figure it out. Thank you for your assistance!
****NEVERMIND! I was able to get it to work after restarting my computer (duh!) Thanks!
02-08-2015 11:49 AM
I need assistance I'm trying to uninstall the Centrify on my IMac. After upgrading to 10.10 I'm unable to use my Smart card.. I follow your instruction how to uninstall. Okay the command where do i type this in the Terminal command line
sudo rm -rf /var/db/TokenCache/tokens/*