• Home
  • SEHL
  • SE Interviews
  • CoreDump
  • Talks
  • Blog
  • About
Security Endeavors
Pursuing excellence in security

Smart Card support for Safari on a Mac running OS X (10.7.5)

Adding Smart Card support to Safari on a Mac running OS X 10.7.5 works well using an application called Open Smart Card or OpenSC. It's homepage says it works with OS X versions between 10.6.x to 10.8.x, but does not cover Mavericks.  This tutorial will focus on using Safari to authenticate to the AF Portal at https://www.my.af.mil. This method also works for reading unencrypted email with Outlook Web Access. So this should cover Snow Leopard through Mountain Lion, at least.
          • Connect a Smart Card reader to the mac.
            • If a reader still needs to be purchased, more information is available in the PKI Tutorials section of Security Endeavors.com under Use a Cert > Home Use > Get A Reader
            • Allow a few moments for drivers to be loaded when newly connecting any reader
          • Install the DoD Root Chains to trust and use the CAC/PIV certificates 
            • Close Safari 
            • Open Applications, then open the Utilities folder and double-click Keychain Access
            • Select File > Add Keychain
            • Click the Keychains drop down and select the hard drive icon to go to the top level of the disk
            • Navigate to System > Library > Keychains
            • Select SystemCACertificate.keychain, then click Add
            • Enter your Keychain password if asked to do so (same as login in most cases)
            • Close the Keychain window
              • Credit for steps goes to Centrify.com (source: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js/html/wwhelp.htm#href=SCE_DownloadCert.html)
            • Launch Safari again and proceed to the next step
          • Download and install OpenSC (Open Smart Card), the software that lets applications like Safari talk to the certificates on a CAC/PIV token
            • The latest OS X installers are at https://www.opensc-project.org/files/macosx/
            • Please consider reading more about Open Smart Card for OS X
              • https://www.opensc-project.org/opensc/wiki/MacInstaller 
              • Hosts technical information and answers some questions
            • Download the topmost listed file by clicking on it once. When downloaded:
              • Double click the .DMG file to have OS X present its contents
              • Double click the PKG file in the window that opens to launch the installer
              • Select all of the defaults, changing none of the options, and follow the prompts
              • Enter the system Password (same as login) is asked.
              • Close the installer when finished
              • Close and re-launch Safari now that Open Smart Card is loaded
              • Time to try it out!
          • Using Certificates:
            • Launch Safari with a Reader connected and a Smart Card inserted
            • Navigate to https://www.my.af.mil
            • Click the Agree button 
            • Enter the PIN in the window that is presented
            • The Portal page will open (for AF personnel)