Smart Card support for Safari on a Mac running OS X (10.7.5)
Adding Smart Card support to Safari on a Mac running OS X 10.7.5 works well using an application called Open Smart Card or OpenSC. It's homepage says it works with OS X versions between 10.6.x to 10.8.x, but does not cover Mavericks. This tutorial will focus on using Safari to authenticate to the AF Portal at https://www.my.af.mil. This method also works for reading unencrypted email with Outlook Web Access. So this should cover Snow Leopard through Mountain Lion, at least.
- Connect a Smart Card reader to the mac.
- If a reader still needs to be purchased, more information is available in the PKI Tutorials section of Security Endeavors.com under Use a Cert > Home Use > Get A Reader
- Allow a few moments for drivers to be loaded when newly connecting any reader
- Install the DoD Root Chains to trust and use the CAC/PIV certificates
- Close Safari
- Open Applications, then open the Utilities folder and double-click Keychain Access
- Select File > Add Keychain
- Click the Keychains drop down and select the hard drive icon to go to the top level of the disk
- Navigate to System > Library > Keychains
- Select SystemCACertificate.keychain, then click Add
- Enter your Keychain password if asked to do so (same as login in most cases)
- Close the Keychain window
- Credit for steps goes to Centrify.com (source: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js/html/wwhelp.htm#href=SCE_DownloadCert.html)
- Launch Safari again and proceed to the next step
- Download and install OpenSC (Open Smart Card), the software that lets applications like Safari talk to the certificates on a CAC/PIV token
- The latest OS X installers are at https://www.opensc-project.org/files/macosx/
- Please consider reading more about Open Smart Card for OS X
- https://www.opensc-project.org/opensc/wiki/MacInstaller
- Hosts technical information and answers some questions
- Download the topmost listed file by clicking on it once. When downloaded:
- Double click the .DMG file to have OS X present its contents
- Double click the PKG file in the window that opens to launch the installer
- Select all of the defaults, changing none of the options, and follow the prompts
- Enter the system Password (same as login) is asked.
- Close the installer when finished
- Close and re-launch Safari now that Open Smart Card is loaded
- Time to try it out!
- Using Certificates:
- Launch Safari with a Reader connected and a Smart Card inserted
- Navigate to https://www.my.af.mil
- Click the Agree button
- Enter the PIN in the window that is presented
- The Portal page will open (for AF personnel)