Search MilitaryCAC:

Site Map

top logo

.com | .us | .ml  | .mobi | .net | .org

The Definitive Source for Everything CAC

Common Access Card help for your  Personal Mac Computer

Also available at:

Please ShareThis website with your friends and colleagues

Make a Donation button image







Between SEP 2019 and FEB 2020 everyone in the Army will be migrated to PIV AUTH certificate for Email access.  You will no longer use your Email certificate for Enterprise Email.


Mac users who choose to upgrade to Mac OS Catalina (10.15) will be unable to check their email as the built in ability will not read the PIV certificate, and 3rd party enablers are not allowed by Apply any longer.




MOST of the questions received can be corrected / answered by you trying these ideas first: 


1.  Please relook at the Mac CAC Install page for instructions on how to install what is needed to use your CAC on your Mac.


2. If you have already installed the needed program (based on the link in #1 above) or are having problems accessing websites you have successfully accessed previously, follow this page to learn how to clear the login section of your keychain.


3.  If you have an SCR-331 CAC reader, you may need to update the firmware to be able to use this older reader on your Mac.  There is no guarantee it will work, it is an option to try before purchasing a new reader.


4.  If you have an IOGear GSR202, GSR202V, or GSR203 CAC reader and are having problems using it.  You may need to downgrade the firmware on it [using a Windows computer (or Boot camped Mac)] by following these instructions.


4a.  If you have the SCR-3500A USB CAC reader, and trying to use it on 10.11.x (or above), you will need an updated driver, and may have to disable SIP


4b.  If you have the ACR-3801, 38, 38U, or 39 CAC reader, you need to update the driver.


5.  Please know not every CAC enabler will with work with specific versions of Mac OS.  The link in this sentence has a graph to show you which ones will work for your specific version of Mac OS.


6.  Follow instructions for loading the DoD certificates into your keychain.  Please NOTE, this was not needed in the recent past, but with newer CACs being issued, this is becoming a requirement now.


7.  If DTS is not working, please follow ideas on the DTS support page.


8.  If you purchased and installed PKard and are having problems, contact Thursby for support


8a.  If you installed Centrify Express and are having problems when using it, contact Centrify for support


8b.  If you purchased and installed Charismathics Smart Security Interface (CSSI) and are having problems, contact Charismathics for support


9.  If you have recently updated to the newest Mac OS from a previous version [and you were successfully using your CAC prior to the update], uninstall your CAC enabling program[s], restart computer, then install a new version of your CAC enabler.  Look at the CAC enablers page to see which CAC enablers are compatible with your new version of Mac OS.  Also follow #2 above


Others have had to disable Apple's SIP (System Integrity Protection).  It removes root rights to all system files.  So, any driver not signed by Apple will not be allowed to install.  To turn this off, please look here for instructions.


9a.  If you've just updated your Mac OS and your SCR 331, 3310, 3310v2, or 3500 model reader has stopped working, you may need to update the driver from Identiv's website: . Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open


10.  You receive "Error Code: 500 Internal Server Error.  The server denied the specified Uniform Resource Locator (URL).  Contact the server administrator. (12202)."  Or your system worked recently, but has since stopped working for webmail / OWA, try these ideas: 

10-1.  Make sure you select your EMAIL certificate [for most users] and PIV certificate [for Dual Persona users].  IF you have selected the wrong certificate, you need to clear your keychain.

10-2.  Close all open browsers, reopen one and try accessing the site again.

10-3.  Clear your keychain, uninstall all CAC enabling programs, restart computer, reinstall one CAC enabling program, restart computer and try again.  You may want to try a different CAC enabling program.  

10-4.  Follow #6 above

10-5.  If you are considered Dual Persona, you'll need to review this chart to select one of the four known CAC enablers that support the PIV certificate. 


11.  If you are having problems logging onto all CAC websites [and you can see your name between the words: keychain and login in Keychain access] you may have blocked your CAC.  Only PKard and Centrify will let you verify a blocked CAC on a Mac, otherwise, you'll need a Windows computer (or virtual Windows) via ActivClient (or built in Smart Card program) to see if your CAC is blocked.  If your CAC is blocked, your only option is to visit an ID card office to get the card unblocked.


12.  If you see "f5, Your session could not be established"

f5 error image

when logging into your Enterprise Email, clear your keychain and try again.  You can also "Remove All Website Data" found under Safari, Preferences, Privacy.  If that does not work, try again later.  Remember to select your Email certificate [unless a dual persona, you'll use your activated PIV cert].  If your PIV is not already exposed, you'll need to find a Windows 7 computer that is setup for CAC and activate your PIV via these instructions.


13.  If you want to open / work on an NCOER (or any other PDF-F files) you need to have Adobe Reader installed on your Mac and make it your default PDF viewer.  By default your Mac uses Viewer to open PDFs, which will not allow digital signing.  You'll need to save the PDF-F to your computer, then open it.


14.  If you are having problems accessing CAC enabled websites, try disabling your Antivirus / web protection, if this works.. please follow the information below to let your security program access to the CAC enabled websites:

Avast users click Preferences, Shields (tab), disable "Web Shield," restart browser and try to access the website again.  You might try Adding ** [and any other websites you can't access] to the Exclusions section of Main Settings, read guidance here.   More information about what Avast is doing can be read here.


AVG Turn off Web Shield when you want to access CAC enabled websites


Bitdefender users can attempt to disable it when needing to use your CAC, if this doesn't work, you may need uninstall the program and find a different Antivirus program


Covenant Eyes can cause issues for some people.  Only fix we could find is to uninstall it.  Please call 877-479-1119, they can help troubleshoot the issue.  One person I spoke with had an outdated version.  Once the new version was installed, it worked again


Kaspersky users follow their guidance by adding https://* to the exceptions list

A few people had to turn off the Parental controls.

Another fix for Kaspersky users turn off "Traffic Processing" under "Network Settings"

-Another fix for Kaspersky users is to turn off "Inject script into web traffic to interact with web pages" located under Settings, Additional, Network.  Uncheck Inject script into web traffic to interact with web pages (under Traffic Processing), Select Continue

-Another fix is to change the "Encrypted connections scanning" option to "Do not scan encrypted connections" located under Settings, Additional, Network settings.


McAfee users follow their guidance to add https://*


15.  If you have recently purchased an SCR-3500 reader and it has a Part number of 905430-1 (sometimes shows as SCR-3500A) install this updated driver Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open


16.  Some of the same "bad certs" that have caused problems for Windows users are now showing up in the keychain access section on Macs.


Note: The DoD Root CA 2 you are removing has the light blue background, leave the yellowish one

    image or image   DoD Interoperability Root CA 1 or CA 2   certificate
    certificate        DoD Root CA 2 or 3  certificate
    image or image   Federal Bridge CA 2016 or 2013  certificate
    image or image   Federal Common Policy CA certificate
certificate or image or image   SHA-1 Federal Root CA G2   certificate
    image or image   US DoD CCEB Interoperability Root CA 1 certificate


If you see the listed certificates, delete them, Once these certificates are deleted, close keychain.  Instructions can be read on the Keychain page


17.  If you have encountered any CAC enabled websites that have been working, recently stop working, please try adjusting your DNS.  Some people are receiving an error message similar to this: "The DNS server might be having problems.  Error Code:  INET_E_RESOURCE_NOT_FOUND"


- Follow guidance here to change your DNS server.


18.  Some websites that were once accessible from any CAC enabled computer such as:  ATRRS, MedPros, MOBCOP, US Army Signal Center, MyArmyBenefits, and Army Reserve Account Maintenance and Provisioning (ARAMP) websites are now only accessible from the NIPRnet.  Which means no more CAC access from home.  You'll now need to access these sites from your unit, use your organizations Citrix connection (Army Reserve), or unit issued computer and use VPN.


19. On Monday 17 September 2018, Apple released Safari version 12 for Mac OS Sierra (10.12.x) and High Sierra (10.13.x).  This version of Safari will make your CAC no longer work on your Mac.  The only known solution currently is to install and use Google Chrome. or upgrade your computer to Mac OS Mojave (10.14.x) and Safari should work fine.






If you are a Windows user (or using Windows in a Virtual Machine or Bootcamp), go here for support.  (Please do NOT use the form below for Windows questions).


Please provide the correct information asked in the form below.  The intent is to reply to you with correct ideas for you to try.  We may offer incorrect ideas to fix your issue if you provide incorrect information below.



Windows Users go here

Linux Users go here







The 5 current CAC Types are...

(Look at the back of your ID card above the black strip for any of these.  If you have any other version, you need to visit an ID card office and get it replaced.  All CACs other than these four were "supposed" to be replaced by 1 October 2012).

A guide to help figure out which CAC you have

Gemalto 144 CAC image GemaltoDLGX4-A 144 image  Oberthur 5.5 CAC image Oberthur 5.5a CAC

G&D FIPS 201 SCE 3.2 image


Which CAC do I have video

Read more about the older CACs and replacing them

back to top


Contact us the following ways:

1. Contact form above (Preferred method)
2. CALL / TEXT / Skype / FACETIME  
3. Through remote access to your computer


If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?


ACRONYM Reference Page


GoDaddy Site Certified seal


Last Update or Review:  Friday, 13 September 2019 21:26 hrs


The following domain names all resolve to the same website:,,, &