I found a solution for mac users using OS 10.5.8 and scr331 with 5.25 firmware and safari 4.0.3, all newest releases as of 8/18/09. Go to militarycac.com, follow directions for mac as far as updates, adding x509 anchors etc, go into keychains, put in card, unlock card using padlock, put in pin, find certificate for email (encrypt, derive, etc) usually 2nd one on list, and right click on it, go to new identity, enter https://cgwebmail.uscg.mil, then another identity for https://cgwebmail.uscg.mil/, then new one for https://cgwebmail.uscg.mil/exchange . You are adding THREE identities for the same certificate (it works trust me) Exit out, then start safari, go to https://cgwebmail.uscg.mil, enter pin, works every time for my macbook. Never worked before I added all three identities for the same certificate. NOTE: on militarycac.com, they use the wrong web site (its https) and wrong certificate (its the email certificate with all the derive, encrypt, etc in the cert details, not the dod ca-19, this one wont work).

Questions email me. (oh, and I'm an MST not an IT, but it still works)

Sounds cool... I'm going to scrounge up another CAC reader and try it today. I've got my Macbook Pro with me but no reader. If I can make it work I'll job aid it...

I've muddled my way through this and it appears to work.

I've had a few differences though - my reader has the 5.18 firmware. The site linked to at www.militarycac.com didn't have any firmware updates from the SCR331 CAC reader. It did have what appears to be an OSX driver under the SCR331/SCR531 CCID USB section, which I installed. However since I've already been through trying to get my certificates and a CAC reader to work on this Mac I'm not positive if the driver was needed or if something I tweaked in the past facilitated using my reader with the older firmware.

I'm also only on OSX 10.5.7 on the machine that I tried this on. I am running Safari 4.0.3 though.

I have an brand new Mac Pro that I haven't played with my CAC on. I'm going to try these instructions tonight without installing the driver or updating the CAC firmware to see if everything still works on that system.

Based on what's there now, I still recommend that the average Mac user avoid trying this. The instructions that are published right now are still a little on the vague side. I'm working on job aiding this now and hopefully I'll have something that's a bit easier to follow when I'm done...

Ok, I have cut and copied from militarycac.com (with all copyright going to them) with the correct info to get it to work, at least how mine does. Follow the below to the "T." This is to simplify my first post and put it in one form.

On another note, when you go to the link to flash your scr331 to vers. 5.25,(the SCM systems website), choose from the choices: SCR331/531 CCID USB, then choose WIN98SE from the version choices, click ok to the EULA, then you will see the firmware upgrade. Note, you have to do this from a PC first. I have not tried the old firmware, but 5.25 DOES WORK. You may have to download a new firmware upgrader from their site also, (man I hate PC)

Step 1: Update your system. (10.5.6 is the minimum required for Leopard, I would use 10.5.8, its available for free and works and safari 4.0.3, click on eh apple and down to software updates)

Step 2: Plug in your Card Reader to the USB Port

Step 3: Click the Apple Icon in the upper left corner of your desktop and select "About This Mac"

Step 4: Click the "More Info" Button within the window that pops up. (This open System Profiler)

Step 5: Within the "Hardware" Category select the "USB" Section. On the right hand side of the screen the window will display all hardware plugged into the USB ports on your Mac. Within this should be a Smart Card Reader. If the Smart Card reader is present here it is installed on your system. If you have an SCR-331 proceed to step 6, for all others proceed to step 8.

Step 6: (For those with SCR-331 Card Readers only) If you are having issues and have not updated to 5.25 you must do so. Select the Smart Card Reader . Below the card USB window will be another window that displays the hardware's information.

Step 7: Verify your Firmware Version. The following is for those with an SCR-331 Reader, others must consult their hardware manufacturers in order to get the most up to date firmware. The firmware version should be 5.25 for SCR-331 Readers, if it is less, i.e. 5.18, you may have to upgrade the firmware, which will require a windows computer,
http://www.scmmicro.com/suppor...pport/downloads.html. If you have 5.25 continue to step 8.

Step 8: Open Applications / Utilities / Keychain Access; Open the "Edit" Menu, and select "Keychain List", click the "+" button in the lower left of the window opened, navigate to the location: System / Library / Keychains (Select the local hard drive i.e “Macintosh HD” on the left, followed by the System folder, within that the Library folder, and within that the Keychains folder), and select X509Anchors. Check the Box to the left of the name under "Shared" as well as the System Box. Click "Ok".

Step 9: Insert Your CAC Card into the Card Reader. If in the upper left of the Keychain Access window, under "Keychains" your CAC should show up (CAC XXXX-XXXX-XXXX-XXXX-XXXX), select it. In the right hand side you will see the certificates that are on your CAC.

Step 10: Click the "Padlock" icon in the upper left corner of the program window, which will prompt you for your CAC PIN. Enter your PIN to unlock your CAC.

Step 11: Select the desired certificate, which will show DOD EMAIL CA-19 in the upper window. Double click to see details, follow notes below to ensure correct certificate.
****The appropriate one is DOD EMAIL CA-19, and in key usage says Encrypt, Verify, Wrap, Derive usually the second one*****
****To see key usage, double click on certificate and scroll down slowly in details, you will see it***********

Step 11.5: Right Click (Control Click) on the certificate once you are sure its right one and select "New Identity Preference"

Step 12: Enter the following URL(s) for for the appropriate website you wish to access, select the appropriate certificate and click “Add”:
https://cgwebmail.uscg.mil

Step 13: Do the same thing (right click/new identity preference) again for same certificate, but use url:
https://cgwebmail.uscg.mil/ ***************Notice the "/" at end, that is why you are doing this*************

Step 14: Do as above for same certificate, for 3rd time now, but use:
https://cgwebmail.uscg.mil/exchange

*****************YOU MUST TYPE THESE URLS EXACTLY, NOTICE THE HTTP(S) AND WHERE THE "/" IS ON WHICH ONES, IT WILL NOT WORK IF YOU CHANGE THESE AT ALL****************

STEP 15: VERIFY THESE URLS ARE CORRECT, THEY WILL SHOW UP IN MAIN WINDOW UNDER LOGIN IN KEY/CERT LIST. EXIT KEYCHAINS.

STEP 16: Start safari and go to https://cgwebmail.uscg.mil , enter pin, it should work.

I had a friend with a mac verify it today, worked perfect for him too. Anyone else out there please let me know so I can gloat.

Not bad for an MST huh...

Jason

Just FYI, on the reserve forum, where i also posted due to they would benefit the most, I have a third confirmation that it works great. I think if we can get 10 people, with up to date software and firmware that is current, we can publish this officially. Any others that it works for, let me know, I have checked my email 5 times tonight and works, however now I am reconsidering why I would.

V/R

MST1 Jason N (401) area code (check global), pls contact me with questions or comments, esp. if it works

fmrRadioman, or Chief, contact me via global tomorrow, if I can get 6 more people (4 posted or emailed it works perfect so far) with the latest software to verify this solution, I have no doubt we can get mac (or tiscom) to develop a script or macro to do this for people, as long as they can verify 10.5.8 os, 4.0.3 safari and 5.25 scr331 firmware. I talked to apple few months back and they would love a solution due to they receive numerous emails a week asking about it, and have no solution (however they added it wasnt a high priority). Guess 2 hours per evening for 2 months trying to get it to work pays off

Your steps worked for me.

Nice job.....for an MST.