Accessing CAC-Restricted Sites From Home

If you are already able to reach Air Force (AF) sites with your Common Access Cards (CAC) from home, you probably do not need these instructions. This document may be helpful if you:

- Have never used your CAC from home.
- Have attempted to submit an ASAP Report or view the Scoreboard either from home or work with Internet Explorer (IE), but have received one of the errors described in "I'm at work and can't connect to ASAP?" on the last two pages of these instructions.

Department of Defense (DoD) and AF personnel can leverage the capability, security, and access of their CACs to conduct official AF business, away from the office, with the latest AF release of ActivClient (currently version 6.2 [Oct 2011]; the latest version and build is always available on the AF Portal). The AF Public Key Infrastructure (PKI) System Program Office (SPO) provides this software for conducting official AF business from non-government machines (e.g., home use). PKI certificates installed by ActivClient are required to access critical AF information gateways, including ASAP, Outlook Web Access (OWA) for email, the AF Portal, AF networks and systems, and DoD Web sites. To enable a personal or non-government computer to access these official resources, information is provided below on downloading the "Home Use" middleware package.

Disclaimer

- Obtaining or purchasing CAC reader hardware remains the responsibility of the home user. In some cases, local or MAJCOM policy may contain additional provisions.
- Users are responsible for upgrading their systems to meet the minimum system requirements. The AF will not purchase or provide any products for personal computers, with the exception of the middleware package, which is licensed to the AF for AF users.
- Neither the AF Safety Center (AFSEC) nor the AF PKI SPO offers technical support for installation, configuration, or troubleshooting on unmanaged home computers.
- Each MAJCOM, Agency, or Direct Reporting Unit (DRU) determines its policy for CAC-PKI home use and how its home users receive technical support. Users should contact their computer support personnel for local policy guidance.
- The installation of the Home Use Middleware application or DoD Root Certificates is not inherently difficult, nor does either impose undue risk to personal computers. However, home users who are uncomfortable with performing these tasks should consider consulting their unit CSA for advice or obtaining the assistance of someone knowledgeable in the installation of computer software.
- Accessing CAC-restricted sites on a Mac may require the installation, configuration, and use of either commercial or open source software. Neither AFSEC, the AF PKI SPO, nor the contractor endorses or recommends either commercial or open source solutions, which are included for information only. Users attempting to install and configure open source solutions should be competent and knowledgeable before attempting to make required changes. Technical support would need to be obtained from the commercial or open source provider.
Note: The appearance of hyperlinks does not constitute endorsement by the U.S. Air Force or the information, products, or services contained therein. For other than authorized activities, such as military exchanges and morale, welfare, and recreation sites, the U.S. Air Force does not exercise any editorial control over the information you may find at these locations. Such links provided are consistent with the stated purpose of this DOD Web site.

I'm at home, how can I connect to ASAP?

Windows XP or Windows Vista

You need the latest version of ActivClient Home Use Middleware, a relatively new CAC Reader, and IE Version 8 or greater.

If you are using ActivClient 6.1 or an earlier build of version 6.2, you should upgrade to avoid potential problems with the latest CACs. Periodically check the AF Portal to ensure you have the most recent update to ActivClient. The same applies to the CAC reader: older readers have problems reading the latest version of the CAC. If you need a new reader, AAFES carries a reasonably priced reader in the PowerZone that works well, or you can search online. Again, make sure you choose the latest version of a CAC Reader.

If you do not have ActivClient on your personal computer or need to upgrade, you will need to access the AF Portal from work and download the latest version. It is ~38MB, so it will easily fit onto a CD. For installation on your home computer, be sure to select the correct version for either 32 or 64-bit operating systems. Most home computers run Windows 32-bit versions. ActivClient automatically installs the latest DoD Root Certificates onto your computer.

If you get the error described below in "I'm at work and can't connect to ASAP?", you should make the changes to IE as noted in the instructions.

Windows 8

The AF PKI SPO does not plan to offer a Home Use Middleware client for Windows 8, as the native CAC capability is sufficient for home users. Follow the directions for Windows 7 below.
Exception: Launch IE from the Windows 8 Desktop taskbar; do NOT use the browser on the Metro interface.

Windows 7

You have two options:

First option is to install the latest version of ActivClient from the AF Portal.
Second option is to utilize Windows 7's native ability to read and use CAC-based PKI certificates:

- Plug in your CAC Reader (many newer readers do not require additional drivers).
- Insert your CAC.
- You may need to verify that your card is compatible with Windows 7's native capability by opening IE's Certificate Store (Tools/Internet Options/Content Tab). Select the Certificates button in the Certificates section. Click the Personal Tab and verify three certificates are present as shown.
- Go to http://dodpki.c3pki.chamb.disa.mil/rootca.html. This site is not CAC or .mil restricted. Follow the instructions and download/install all three root certificates.
- Open IE. Note for Windows 8 users: Launch IE from the Windows 8 Desktop taskbar; do NOT use the browser on the Metro interface.
- Go to Tools/Internet Options/Security. Click the Trusted Sites icon and add usafmfoqa.com to your trusted sites.
- You may now access CAC-restricted sites. Note for Windows 8 users: Do NOT use the browser on the Metro Interface; always use the browser on the desktop taskbar.
- You may need to alter your security settings in Internet Options/Advanced tab. See instructions in "I'm at work and can't connect to ASAP?".

I have a Mac, how can I access ASAP from home?

The advice below comes from the AF Portal, including the links to www.militarycac.com (militarycac is not an official site, but is developed and maintained by a US Army CW3 with a desire to help his fellow soldiers get online from home). While primarily addressed to US Army personnel, this site contains information on home CAC use that is applicable to all services.

The ActivClient software is Windows only and will not install on Apple OS-X operating systems.

This depends on the version of OS-X you are using. OS-X 10.6 (Snow Leopard) has a native ability to read and use a CAC. We suggest you visit www.militarycac.com/apple.htm and select the link to the version of OS-X you are running for instructions on how to set up your Mac to read a CAC. Note: militarycac.com reports more success using Google Chrome than Safari.

If you have upgraded to OS-X 10.7 (Lion), you have a different problem. Lion no longer has the native ability to read a CAC. Go to www.militarycac.com/apple.htm and click the Lion link for a detailed description and options. Essentially, you have a choice of a commercial solution or several open source solutions. The ASAP team has successfully tested the commercial solution on OS-X 10.8.3 but has not tested the open source solutions. This is not a recommendation for or against either. Note: the commercial solution does not support Firefox, but does work with Safari and Chrome.

What about other browsers?

This is based on limited successful testing with other browsers. Testing suggests that only IE requires modifications to security settings.

Government Computers/Networks

AF Standard Desktop using AF network: IE8 and Firefox 11.0 are both authorized for use. If Firefox is not installed on your computer, check with your CSA for installation. Both were tested while connected to the AF network [direct and Virtual Private Network (VPN)]. See "I'm at work and can't connect to ASAP?" below if you are attempting to connect and get an error.

Personal Computers

Operating System: Browser Test Results

- Windows XP: Testing with IE8 was not successful. No other browsers were tested.
- Windows Vista: Tested successfully with IE8 after adding usaf-moqa.com to Trusted Sites. No other browsers were tested.
- Windows 7: IE9, Google Chrome 18 (Note: ActivClient was not installed for Windows 7 testing). Testing with Firefox was not successful.
- Mac OS-X: Safari 5.1.5, Google Chrome 18 (Note: Commercial solution recommended by militarycac.com used). Testing with Firefox was not successful.

Where else can I go for more information?
The Home Use Middleware page on the AF Portal has instructions, suggestions, and links to www.militarycac.com.

I'm at work and can't connect to ASAP?

AF Standard Desktop includes IE8 with an option to install Firefox (currently version 11.0). Firefox should connect without any user intervention. Home users may experience the same error(s) and should try these steps as well.
With IE, you may get one of the following errors:

Error 1: IE Cannot Display Webpage Error

Error 2: Website Declined to Show Webpage Error (HTTP 403 Forbidden)

Both of these errors are the result of Security Settings in IE, but are easily fixed. Unfortunately, they are common to certain CAC authenticated websites. Making these changes is easy and readily reversible. Before making these or any changes, you may want to check with your CSA.
- Open IE.
- Select Tools/Internet Options.
- Click the Advanced tab.
- Scroll to the bottom of the list in Settings.
- Uncheck SSL 2.0, TLS 1.1, and TLS 1.2 (only SSL 3.0 and TLS 1.0 should remain checked).
- Click OK.
- Home users: Tools/Internet Options/Security Tab. Click the Trusted Sites icon. Add https://usafmfoqa.com.

Figure: Recommended SSL / TLS Security Settings for IE

This should allow you to connect using IE. If you still cannot connect, contact your CSA. You may want to consider installing and using the AF authorized version of Firefox to access ASAP from your government computer.
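
A read-only PowerShell check of the settings these instructions touch (Personal-store certificates, DoD root certificates, the IE SSL/TLS checkboxes, and the Trusted Sites entry), added here as an example and not part of the original AF instructions. It assumes the CAC certificates name "DoD" in their issuer, the root certificates contain "DoD Root" in their subject, and the Trusted Sites entry was added for the current user.

```powershell
# Read-only report; nothing here changes a setting.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. CAC certificates in the Personal store (the guide expects three).
#    Assumption: CAC certificates name "DoD" in their Issuer field.
$cac = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Issuer -like '*DoD*' })
Write-Output ('Personal store: {0} DoD-issued certificate(s)' -f $cac.Count)
foreach ($c in $cac) { Write-Output ('  {0} (expires {1:d})' -f $c.Subject, $c.NotAfter) }

# 2. DoD root certificates, installed per user or machine-wide.
#    Assumption: root subjects contain "DoD Root".
$roots = @(Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*DoD Root*' } | Sort-Object Thumbprint -Unique)
Write-Output ('Trusted roots: {0} DoD root certificate(s)' -f $roots.Count)

# 3. SSL/TLS checkboxes on the IE Advanced tab, stored as one bitmask.
#    This reads the per-user value only; a policy-managed machine may override it.
$protocols = @(
    @{ Name = 'SSL 2.0'; Bit = 0x8 },
    @{ Name = 'SSL 3.0'; Bit = 0x20 },
    @{ Name = 'TLS 1.0'; Bit = 0x80 },
    @{ Name = 'TLS 1.1'; Bit = 0x200 },
    @{ Name = 'TLS 1.2'; Bit = 0x800 }
)
$value = (Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue).SecureProtocols
if ($null -eq $value) {
    Write-Output 'SecureProtocols is not set for this user; IE is using its default.'
} else {
    Write-Output ('SecureProtocols = 0x{0:X}' -f $value)
    foreach ($p in $protocols) {
        $state = if ($value -band $p.Bit) { 'checked' } else { 'unchecked' }
        Write-Output ('  {0}: {1}' -f $p.Name, $state)
    }
}

# 4. Trusted Sites entry for usafmfoqa.com (zone 2 = Trusted Sites).
$site = Join-Path $inet 'ZoneMap\Domains\usafmfoqa.com'
if (Test-Path $site) {
    $key = Get-Item $site
    foreach ($scheme in $key.GetValueNames()) {
        Write-Output ('Zone entry: {0} -> zone {1}' -f $scheme, $key.GetValue($scheme))
    }
} else {
    Write-Output 'usafmfoqa.com has no per-user zone entry.'
}
```

Run it before and after making the changes so the earlier SecureProtocols value is on hand if the settings need to be put back.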