This only works on mac running os 10.5.8, safari 4.0.3, scr331 firmware 5.25. (all newest releases as of 8/18/09). Follow instructions on militarycac.com for install of x509 chains, unlocking the cac card, but when picking certs, pick second one, email ca-19, the one with "derive, wrap, etc" in details. Then, it differs from website again, add a identity for ttps://cgwebmail.uscg.mil, then a second for ttps://cgwebmail.uscg.mil/ and then also ttps://cgwebmail.uscg.mil/exchange (of course add the h, didnt want links to show up, and dont forget the s, which the website misses). Then exit out, start safari go to ttps://cgwebmail.uscg.mil, enter pin, works perfect for me for 3 days now, no probs, never worked at all before.

Ok, I have cut and copied from militarycac.com (with all copyright going to them) with the correct info to get it to work, at least how mine does. Follow the below to the "T." This is to simplify my first post and put it in one form.

YOU MUST UPDATE CAC READER TO 5.25 FROM PC FIRST. FOLLOW INST BELOW.

On another note, when you go to the link to flash your scr331 to vers. 5.25,(the SCM systems website), choose from the choices: SCR331/531 CCID USB, then choose WIN98SE from the version choices, click ok to the EULA, then you will see the firmware upgrade. Note, you have to do this from a PC first. I have not tried the old firmware, but 5.25 DOES WORK. You may have to download a new firmware upgrader from their site also, (man I hate PC)

Step 1: Update your system. (10.5.6 is the minimum required for Leopard, I would use 10.5.8, its available for free and works and safari 4.0.3, click on eh apple and down to software updates)

Step 2: Plug in your Card Reader to the USB Port

Step 3: Click the Apple Icon in the upper left corner of your desktop and select "About This Mac"

Step 4: Click the "More Info" Button within the window that pops up. (This open System Profiler)

Step 5: Within the "Hardware" Category select the "USB" Section. On the right hand side of the screen the window will display all hardware plugged into the USB ports on your Mac. Within this should be a Smart Card Reader. If the Smart Card reader is present here it is installed on your system. If you have an SCR-331 proceed to step 6, for all others proceed to step 8.

Step 6: (For those with SCR-331 Card Readers only) If you are having issues and have not updated to 5.25 you must do so. Select the Smart Card Reader . Below the card USB window will be another window that displays the hardware's information.

Step 7: Verify your Firmware Version. The following is for those with an SCR-331 Reader, others must consult their hardware manufacturers in order to get the most up to date firmware. The firmware version should be 5.25 for SCR-331 Readers, if it is less, i.e. 5.18, you may have to upgrade the firmware, which will require a windows computer,
http://www.scmmicro.com/suppor...pport/downloads.html. If you have 5.25 continue to step 8.

Step 8: Open Applications / Utilities / Keychain Access; Open the "Edit" Menu, and select "Keychain List", click the "+" button in the lower left of the window opened, navigate to the location: System / Library / Keychains (Select the local hard drive i.e “Macintosh HD” on the left, followed by the System folder, within that the Library folder, and within that the Keychains folder), and select X509Anchors. Check the Box to the left of the name under "Shared" as well as the System Box. Click "Ok".

Step 9: Insert Your CAC Card into the Card Reader. If in the upper left of the Keychain Access window, under "Keychains" your CAC should show up (CAC XXXX-XXXX-XXXX-XXXX-XXXX), select it. In the right hand side you will see the certificates that are on your CAC.

Step 10: Click the "Padlock" icon in the upper left corner of the program window, which will prompt you for your CAC PIN. Enter your PIN to unlock your CAC.

Step 11: Select the desired certificate, which will show DOD EMAIL CA-19 in the upper window. Double click to see details, follow notes below to ensure correct certificate.
****The appropriate one is DOD EMAIL CA-19, and in key usage says Encrypt, Verify, Wrap, Derive usually the second one*****
****To see key usage, double click on certificate and scroll down slowly in details, you will see it***********

Step 11.5: Right Click (Control Click) on the certificate once you are sure its right one and select "New Identity Preference"

Step 12: Enter the following URL(s) for for the appropriate website you wish to access, select the appropriate certificate and click “Add”:
https://cgwebmail.uscg.mil

Step 13: Do the same thing (right click/new identity preference) again for same certificate, but use url:
https://cgwebmail.uscg.mil/ ***************Notice the "/" at end, that is why you are doing this*************

Step 14: Do as above for same certificate, for 3rd time now, but use:
https://cgwebmail.uscg.mil/exchange

*****************YOU MUST TYPE THESE URLS EXACTLY, NOTICE THE HTTP(S) AND WHERE THE "/" IS ON WHICH ONES, IT WILL NOT WORK IF YOU CHANGE THESE AT ALL****************

STEP 15: VERIFY THESE URLS ARE CORRECT, THEY WILL SHOW UP IN MAIN WINDOW UNDER LOGIN IN KEY/CERT LIST. EXIT KEYCHAINS.

STEP 16: Start safari and go to https://cgwebmail.uscg.mil , enter pin, it should work.

I had a friend with a mac verify it today, worked perfect for him too. Anyone else out there please let me know so I can gloat.

Not bad for an MST huh...

Jason

So it doesn't kick you out after opening 1 or 2 emails? I'll try it in the next few days and let you know if it works for me.

Thanks for figuring it out.

-GR

Works great!!

Thanks

Just FYI, on the IT forum, where i also posted due to they would benefit also, I have a third confirmation that it works great. I think if we can get 10 people, with up to date software and firmware that is current, we can publish this officially. Any others that it works for, let me know, I have checked my email 5 times tonight and works, however now I am reconsidering why I would (Active Duty).

Additionally I found in my office about 20% of reservists have macs, and if this works right, thats that many many more CG that can stay up to date and ready in case things happen.

V/R

MST1 Jason N
to contact or questions, MST1 Jason N in 401 area code

Works for me! Thanks. It's about time.

I wasn't able to upgrade the firmware but it's working just fine now.

FWIW, 30% of our Reservists at my unit are Mac users.

Got it work also. Thanks great work.

I did not need to update the firmware and the 5.18 works

Thanks Again,

I have a toshiba computer, I'm navy & I can't download the pure edge viewer & approvit programs because I don't have an AKO. What do I do?

I can't seem to get it to work. I get to step 9 and the CAC never appears, I've restarted, unplugged the CAC, removed my card, everything...

I have the 10.5.8 version of Mac OS X, the 4.0.3 version of Safari, but I have a ActivCard CAC card reader. Instead of the SCM SCR331. Could that be the problem?

i have followed the instructions to a "t" but for some reason alt-clicking (using ctrl) does not allow me to choose a "new identity preference". is there another way to choose it? am i clicking it wrong?