Common Access Card (CAC) Setup on Arch Based Linux Systems

Scope: To enable a CAC reader on an Arch linux based systems. This will give the users access to CAC enabled sites (ie. government webmail, TEDS, etc..) without the use of a windows machine.

• Install opensc and ccid

sudo pacman -S ccid
sudo pacman -S pcscd 

• Enable pcsd service

sudo systemctl enable pcscd

• Start pcsd service

sudo systemctl start pcscd

• Load the security device

  • Navigate to Firefox Settings -> Privacy and Security -> Scroll down to Certificates -> select Security Devices
  • click “Load” to load a module using /usr/lib/opensc-pkcs11.so or /usr/lib/pkcs11/opensc-pkcs11.so

• At this point, your browser will function but it is advised to close your browser and reopen it.

• Additional, but not required steps

  • Go to: https://public.cyber.mil/pki-pke/pkipke-document-library/
  • Download “PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.9” or use this link: https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_DoD.zip
  • Unzip the files
  • Open Firefox
  • Navigate to Settings -> Privacy & Security -> Scroll Down to Certificates -> View Certificates
  • Select Import (make sure to at-least check the box for “Trust this CA to identify websites”)
  • Navigate to your extracted files and select in order:

    • Certificates_PKCS7_v5.9_DoD.der.p7b

    • Certificates_PKCS7_v5.9_DoD.pem.p7b

  • You are all set. Now you should not see warnings about untrusted sites when viewing government webpages.