If you’re trying to access your DoD email or a CAC-required site from home, you will need a CAC reader. These are typically part of a keyboard but can also be standalone USB devices. Once you have one of these and ActivClient installed, you should be ready to go. It should “just work”. If, for some reason, you’re not able to log in, then there are many things that could be wrong. Most often, though, you need to update your CAC card itself. If you can’t log in, then it means that your card no longer meets the minimum requirements to do so. Head into your local PSD, request an upgrade to a newer version of the card, and you should be good to go.
If your PC accepts the CAC reader but you can’t log in, it might mean that you need to install a newer version of ActivClient. To check if you need it or not, just take a look at the device manager and scroll down to Smart Card readers. Look for your CAC reader, and if it says Gemalto TOP DL GX4 144 or Oberthur ID One 128 v5.5 Dual, that’s the type of CAC you need to use and requires ActivClient.
It’s important to note that if you are on a Mac, you do NOT need DoD root certificates or ActivClient. However, you will need to follow this link for the registry edits that need to be made.
How Do I Update My CAC Email Certificates?
Some CAC users have issues with their email certificates. If you are getting a message that says, “Your certificate is not trusted” or something similar, there are a few ways to fix it. First, make sure your browser is set to trust all certificates from DoD sites. You can do this by going to the Internet Options menu in your browser and selecting the Advanced tab. Click the Certificates button and then select the checkbox next to “Show Certificate in the Browser Security Warning”.
Another way to update your certificates is to use ActivClient, which is a program that allows you to access DoD CAC-enabled web pages. It is designed to work with Firefox, but it can be used with other programs as well.
If your CAC is on an impacted card platform (see the list below), you will need to return to a DEERS/RAPIDS location and obtain a new one before RSS can add your PCC or update your PKI certificates. If your card is not impacted, you can proceed with these steps:
How do I remove certificates from my CAC reader?
If you are getting an error that says your PIV/CAC certificate has expired, you can run this command from IE in the “PIV or CAC Details” section and click “View Certificate.” Select the certificate to remove and click the “Remove” button. This will remove the certificate from XMS, and you will no longer be able to log into XMS with that particular card. You can also click “Delete” to completely delete the card and all of its credentials.
The CAC is a smart card that is set up in a specific way for Department of Defense purposes. It is primarily used for authentication, but it can also be used for other things like storing email certificates or accessing certain websites. The card is loaded into Windows and can be accessed by using the ActivClient software (or by inserting the card itself). Once you are in ActivClient, you can view all of the certificates that are stored on your CAC, and you can also view a summary of how much time your electronic certificate has left before it expires.
How do I fix my CAC certificate?
While the CAC offers a wide variety of functions, it is primarily used for authentication. It does not store specific information related to food service, training, dental, medical, or physical/logical access. These are handled by specialized systems on your component/command.
The only way you can access the information on your CAC is to enter the PIN number, which is unique to you. Only you know the PIN and should never share it with anyone.
If you are experiencing problems with your CAC certificate, please contact your nearest RAPIDS site for assistance. You can also bring your CAC in for renewal up to 90 days prior to expiration. This will reset the PIN and renew the certificate. Upon returning to work, you will have an updated certificate, which should alleviate the problem.