Use of Common Access Cards (CACs) from Home on Windows 7 without Middleware




Problem: Microsoft Windows 7 includes a native capability to read and use the newest CAC-based PKI certificates without installing smart card middleware such as ActivClient (AC). If you have a fully Personal Identity Verification (PIV) II-compliant CAC, you may be able to use your CAC on Windows 7 home machines to access web sites without having to install middleware. The following instructions will help you configure Windows 7 to use a CAC without additional middleware in some cases. These instructions are not applicable if you already have middleware installed.

Solution:

NOTE: These instructions are provided as general guidance for home use only. The AF PKI SPO cannot support help desk calls concerning use of CACs on home machines. If these instructions do not work on your system, contact your Client Support Administrator (CSA) to obtain a copy of the ActivClient Home Use Middleware package. The Windows 7 version of home use middleware is estimated to be available February 2010.

1. Verify that you have a fully PIV-II-compliant CAC.

To determine if your card is compliant, check the card type printed on the back of your CAC. If the type is Gemalto TOP DL GX4 144K or Oberthur ID One 128 v5.5 Dual then the CAC is fully PIV-compliant. If the type is Gemalto GCX4 72K DI or Oberthur ID One V5.2 Dual then there is a POSSIBILITY that the CAC is fully PIV-II-compliant depending on when and where your CAC was issued. All other card types are not PIV-II-compliant and cannot be used with Windows 7 without additional middleware.

To definitively determine if your CAC is PIV-II-compliant, use the following directions (these directions assume you do NOT have middleware already installed on your machine).

i. Install a card reader on your Windows 7 machine. Verify the card reader is properly installed by checking that a reader is listed in the Device Manager under Smart card readers. (The Device Manager can be accessed by opening the Start menu, right-clicking Computer {which may be listed as a computer name}, and selecting Manage.)

Insert the CAC in the reader. Verify the card reader is successfully recognizing the CAC by checking that an Identity Device is listed in the Device Manager under Smart cards as shown below. If it is, your CAC may be PIV-II-compliant. If your CAC is not PIV-II-compliant, the smart card will show up under Other devices as shown below.

ii. Open the Internet Explorer (IE) Certificate Store. If you think your CAC is PIV-II-compliant, go into IE and select Tools\Internet Options\Content\Certificates. The Personal Tab should open by default.

If your CAC is PIV-II-compliant, you should see 3 certificates issued to you by DoD as shown below. Two of these certificates (the ones that have EMAIL in the Issued By field) are your standard DoD E-mail Signature and Encryption certificates. The third certificate is your PIV Identity certificate. This PIV Identity certificate is a different certificate than the DoD Identity certificate you normally see when using ActivClient middleware. This should not impact your Home Use operations.

If your CAC is not PIV-II-compliant, no certificates will be listed in the Personal Tab. You will have to install the ActivClient 6.2 middleware Home Use Package (expected availability February 2010) in order to use your CAC with Windows 7.

NOTE: If you suspect you do not have a PIV-II-compliant card, DO NOT request a new card. Fully PIV-compliant CACs will be issued via normal attrition. If your card type is Gemalto GCX4 72K DI or Oberthur ID One V5.2 Dual then there is a possibility that it can be made PIV-II-compliant by using the User Maintenance Portal/Post Issuance Portal (UMP/PIP) and selecting the PIV Update option. UMP/PIP will tell you at that point if the card cannot be updated. See your CSA for assistance with UMP/PIP.

2. Install the DoD PKI Trust Chains.

Access the DOD Root CA Download web page (http://dodpki.c3pki.chamb.disa.mil/rootca.html) and follow the directions on the page to install all of the trust chains on your Windows 7 machine.

3. Add Outlook Web Access (OWA) address to IE8 Trusted Sites (for OWA users only).

The OWA website must be listed as a trusted site in order for the user to sign or decrypt email. Open IE8 and select Tools\Internet Options\Security. Select the Trusted Sites zone, then click on Sites. Type the address for your OWA website (for example: https://lackland.mail.us.af.mil/owa) in the box labeled Add this website to the zone and click Add. The site will be added to the list. Click Close and then OK to exit the Internet Options window.

4. Access web sites and authenticate with your CAC-based certificates in IE as usual.

You will be prompted to select a certificate and enter your Personal Identification Number (PIN) as shown in the screenshots below.

IMPORTANT: If you are accessing a web site that links back to your network account, such as SharePoint or Outlook Web Access (OWA), you may need to select your E-mail Signature certificate (the one that has EMAIL in the Issued By field) in order to authenticate. The PIV Identity certificate (the one that does NOT have EMAIL in the Issued By field) will not work with your Active Directory account (any use that connects back to your work account, like SharePoint or OWA) unless you have used LEAP with this particular CAC to populate your ID Certificate information. Your PIV Identity certificate can always be used to client authenticate to web sites that are not linking back to your network account.

5. If you are having issues accessing a web site with your CAC, try the following:

i. Add the web site to the IE Trusted Sites list (in IE under Tools\Internet Options\Security).

ii. Open the IE Certificate Store by selecting Tools\Internet Options\Content\Certificates. For each of your certificates in the Personal tab, highlight the certificate and click the Advanced button. From within the Advanced Options configuration window select the checkbox for "Client Authentication" then click OK. (These settings are normally NOT required to use the CAC certificates with Windows 7.)

iii. In the IE Internet Options window select the Advanced tab. In the Settings box, scroll to the Security section and verify that the checkboxes for TLS 1.0 and SSL 3.0 are checked.

If, after following these instructions, you are unable to get your CAC to work, contact your CSA and request the ActivIdentity Home Use middleware package (estimated availability February 2010).
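
The certificate checks in steps 1.ii and 5.ii can also be made from a PowerShell prompt with the CAC inserted. The script below is an added example, not part of the original guide: it lists the DoD-issued certificates in the current user's Personal store, labels each by whether EMAIL appears in Issued By, and reports whether the certificate's own Enhanced Key Usage extension permits Client Authentication (it reads the certificate, not the IE Advanced Options setting). The function name and the filter on "DoD" in the issuer name are assumptions made for this example.

```powershell
# Added example (not from the original guide): summarise the DoD-issued
# certificates in the current user's Personal store with the CAC inserted.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID

function Get-CacCertSummary {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificates)
    foreach ($cert in $Certificates) {
        # Collect the OIDs listed in the Enhanced Key Usage extension, if any.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }
        # The "Issued By" column in the IE dialog shows the issuer's simple name.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $issuedBy = $cert.GetNameInfo($nameType, $true)
        if ($issuedBy -match 'EMAIL') { $role = 'E-mail Signature or Encryption' }
        else                          { $role = 'PIV Identity (no EMAIL in Issued By)' }
        # A certificate with no EKU extension is not restricted to any purpose.
        $clientAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)
        New-Object PSObject -Property @{
            IssuedBy   = $issuedBy
            Role       = $role
            ClientAuth = $clientAuth
            Expired    = ($cert.NotAfter -lt (Get-Date))
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Assumption: DoD-issued certificates carry "DoD" in the issuer distinguished name.
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Issuer -match 'DoD' })
$summary = @(Get-CacCertSummary -Certificates $certs)
$summary | Select-Object Role, IssuedBy, ClientAuth, Expired, Thumbprint | Format-Table -AutoSize

if ($summary.Count -eq 0) {
    Write-Warning 'No DoD-issued certificates found; the card may not be PIV-II-compliant.'
} elseif ($summary.Count -ne 3) {
    Write-Warning "Expected 3 certificates, found $($summary.Count)."
}
```

An empty result with the card inserted matches the guide's description of a card that is not PIV-II-compliant; a row with ClientAuth False or Expired True identifies a certificate that will not authenticate to a web site.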