• Home
  • SEHL
  • SE Interviews
  • CoreDump
  • Talks
  • Blog
  • About
Security Endeavors
Pursuing excellence in security

Start here for Setting up DoD PKI Home Use


Windows 7
Get A Reader

Mac OS X

Windows 8

Outline of Home Use Topics

A.  Getting a card reader
B.  Installing Certificate Trust for Internet Explorer
        1.  Windows 7
        2.  Windows 8
        3.  Windows 7 and 8 come with software to allow Internet Explorer to use DoD PKI certificates for sites that require them
C. How to get the Home Use Middleware for Windows 7
D. Troubleshooting Chaining issues
E. Firefox and DoD PKI Home Use (via PKCS#11)
       A. Windows needs either
              1. ActivClient Home Use (only good on Win7)
              2. CACKey from Forge.mil
       B. Linux needs PKCS#11 support installed first
              1. Ubuntu/Debian
                   (BASH > sudo apt-get install pcsc-lite)
              2. Redhat/Fedora/CentOS/Scientific Linux
                   (BASH > su - or sudo yum install pcsc-lite)

     
F.  Firefox (mention there's no Win8 card reader support)
       1. Installing Trust
       2. Point Firefox to PKCS#11 library to use Smart Cards
              a. Windows and ActivClient Home Use
                     i. 32-bit: ACPKCS201-ns.dll
                    ii. 64-bit: ACPKCS211.dll
              b. Windows and CACKey from Forge.mil
              c. Linux and PCSC-Lite
                     i. Ubuntu/Debian: /usr/lib/pkcs11/libpkcs11.so
                    ii. Redhat variants: /usr/lib/pkcs11/libpkcs11.so
              d. Linux and Coolkey (Redhat only)
                     i. Install using sudo yum install coolkey
                    ii. Point to library at /usr/lib/coolkey/libcoolkey.so