Military CAC Access

Anyone in the Armed Forces and need some help accessing their own networks? I found this excellent site, which shows step-by-step information for anyone needing to legitimately gain access from their home machines (following DOD policy of course). The instructions are well put together and detail out some of the absurdities of gaining access, one of which is needing to drop into the secure portal from a different machine, which you can only do by using a CAC (Common Access Card) reader.

Anyhow, once we got it figure it out was dead simple. You’ll need to install the ActiveClient and not just the drivers for the CAC reader. That client is what is behind closed doors and requires authentication. It did require going out and fetching DOD certificates which are apparently freely available which kind of tripped me up a bit– shouldn’t those certificates be hidden? Aren’t they essentially keys? Maybe I’m misunderstanding all this…

I used to work for a company that would self-sign their SSL certificate in order to have “secure” https Outlook Web Access (OWA). Given that the certificiate was signed by “itself”, and not some other authority, what is the purpose of having a certificate that can’t be vetted against a chain?

Clearly I don’t know enough about this…I’m hoping to do a bit of research as a side project and come back with some notes. Some day…

In the meantime I’m fooling around with iOS4, and thinking lazily about that new shiny thing that was announced yesterday. It’s very nice, but I haven’t had the brainpower to really drill too deeply into it…

4 thoughts on “Military CAC Access

To get on webmail, which of the fol needs to be checked in Internet Options, Advanced: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2?
I get on, but the e-mail pane says “loading” and never loads. Any ideas?

    Robert Entenman

    I believe for most HTTPS services you’ll need SSL2, TLS1.0/1/2. I would leave as many of these encryption features on by default. Your issue sounds specific to the webmail client, and unfortunately I can’t offer much help on that. It may sound stupid but firing it up in a different browser may help in this regard.

Michael J. Danberry

Thanks for the posting regarding my website. To answer your question regarding the DoD certificates. Their only purpose on your computer is to allow you to get to the government websites and not receive a message that the site is not trusted. It imports them into your Intermediate certificate authority section in Internet Explorer. Web browsers lke Safari (on Apple) and Firefox will prompt you to accept the certificate the first time you visit the site. The DoD certs tries to make life simpler for you.

    Robert Entenman

    Understood! Well, thank-you for providing the resource. You were definitely a life-saver while trying to set up a new Win7 netbook for my mother-in-law. She mentioned that everytime she went to IT she felt like an idiot. Your guide helped us both understand what was going on, and how to remedy it.

Comments are closed.