- Connect a Smart Card reader to the mac.
- If a reader still needs to be purchased, more information is available in the PKI Tutorials section of Security Endeavors.com under Use a Cert > Home Use > Get A Reader
- Allow a few moments for drivers to be loaded when newly connecting any reader
- Install the DoD Root Chains to trust and use the CAC/PIV certificates
- Close Safari
- Open Applications, then open the Utilities folder and double-click Keychain Access
- Select File > Add Keychain
- Click the Keychains drop down and select the hard drive icon to go to the top level of the disk
- Navigate to System > Library > Keychains
- Select SystemCACertificate.keychain, then click Add
- Enter your Keychain password if asked to do so (same as login in most cases)
- Close the Keychain window
- Credit for steps goes to Centrify.com (source: http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js/html/wwhelp.htm#href=SCE_DownloadCert.html)
- Launch Safari again and proceed to the next step
- Download and install OpenSC (Open Smart Card), the software that lets applications like Safari talk to the certificates on a CAC/PIV token
- The latest OS X installers are at https://www.opensc-project.org/files/macosx/
- Please consider reading more about Open Smart Card for OS X
- https://www.opensc-project.org/opensc/wiki/MacInstaller
- Hosts technical information and answers some questions
- Download the topmost listed file by clicking on it once. When downloaded:
- Double click the .DMG file to have OS X present its contents
- Double click the PKG file in the window that opens to launch the installer
- Select all of the defaults, changing none of the options, and follow the prompts
- Enter the system Password (same as login) is asked.
- Close the installer when finished
- Close and re-launch Safari now that Open Smart Card is loaded
- Time to try it out!
- Using Certificates:
- Launch Safari with a Reader connected and a Smart Card inserted
- Navigate to https://www.my.af.mil
- Click the Agree button
- Enter the PIN in the window that is presented
- The Portal page will open (for AF personnel)
What does the end of life (EOL) for Centrify Express products entail? As of May 1 st, 2019, Centrify Express for SaaS and Mobile, Centrify Express for Mac and Centrify Express for Mac Smart Card users are no longer eligible to receive new security updates, non-security hotfixes, free assisted support options or online technical content updates from Centrify.
Centrify Download
![Express Express](/uploads/1/3/4/5/134559883/392101082.png)
Centrify App Download
- Related Articles KB-20210: Common Questions Regarding Centrify DirectControl and CoreOS HOWTO Setting-up the ServiceNow Centrify Privilege Access Request App Labs Using YubiKey (PIV or OATH OTP) to Secure Centrify Identity Service and Privilege Service HOWTO Set-up ServiceNow Automatic Provisioning in Centrify Identity Service Centrify 17.11 Release Notes Centrify 17.6 and 17.6 Hotfix.
- Currently, Centrify DirectControl supports the following smard card types: Common Access Card (CAC) Personal Identify Verification (PIV) both Common Access Card and Personal Identify Verification (CACNG) Alternative Logon Token (ALT) For Additional KB Articles related to Smart Card with Centrify, please refer to the following links.