Having problems configuring FireFox to use a CAC reader
I am trying to configure Firefox so I can use my CAC card reader with it. My problem is when I try to load a module under Tools>Options>Advanced>Encryption>Security Devices. When I try to load acpkcs201.dll (or any of the other alternate .dll files) I get an error message that says "Unable to load module".
When I try to use the DoD Configuration 1.2 add-on from forge.mil, it also is unable to make this configuration.
The CAC reader and software works fine under Chrome and IE. The only problem is the .dll wont load up in Firefox using the add-on or manually.
Does anyone know how to make this module load properly?
I am using: Windows 7 x64 Firefox 3.6.9 SCR331 card reader ActivClient 6.2
Wót vitus
Wubrane rozwězanje
I ran into the same problem at first. I tried loading the *.dll files in the obvious location - C:\Program Files\ActivIdentity\ActivClient. None of the acpkcs*.dll files would load. Then I realized that the current version of Firefox is still a 32-bit program - it cannot load 64-bit ActivClient drivers.
Try loading C:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll instead. That worked for me - the *.dll loaded immediately and detected my CAC reader. I have successfully been able to access CAC restricted sites with no problems.
My configuration: Windows 7 Professional x64 Firefox 3.6.10 ActivClient 6.2.0.74 - FIXS 1002012
Toś to wótegrono w konteksće cytaś 👍 48Wšykne wótegrona (10)
I think you will need to get support for this DLL from its makers, who should have instructions on how to load it into Firefox. Make sure you are using a version of Firefox they support.
I note you are using 64-bit Windows; you should also check that this is supported and that you have the right version of the DLL.
Gerv
Install.rdf for that extension shoes Firefox 3.6.* compatibility, so it should install into Firefox 3.6.9.
Instructions are here:
http://forge.mil/Resources-Firefox.html
Thanks for your response. I forgot to add to my original post that I am using ActivClient 6.2 which is compatible with Windows 7 64-bit. I also forgot to add that everything works fine in IE and Chrome.
I will edit my post to include that information.
the-edmeister,
Thanks for your response.
Yes it should but its not... thats the problem. I've followed those instructions. I've opened the .xpi file and examined the code to make sure it was looking for the right .dll files in the right places. I've tried to manually load the .dll files using known methods. Nothing seems to work. I'm hoping someone who has overcome this or knows how to overcome this can help out.
Wubrane rozwězanje
I ran into the same problem at first. I tried loading the *.dll files in the obvious location - C:\Program Files\ActivIdentity\ActivClient. None of the acpkcs*.dll files would load. Then I realized that the current version of Firefox is still a 32-bit program - it cannot load 64-bit ActivClient drivers.
Try loading C:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll instead. That worked for me - the *.dll loaded immediately and detected my CAC reader. I have successfully been able to access CAC restricted sites with no problems.
My configuration: Windows 7 Professional x64 Firefox 3.6.10 ActivClient 6.2.0.74 - FIXS 1002012
I have the same problem but loading the .dll from the 32 bit directory still doesn't work. It says can not add module. However, in my configuration, neither IE (9) nor Chrome nor Safari will use the CAC although they see the reader and actually ask for the certificate. My only working configuration is to load XP Virtual on Windows 7 and that works fine. The solution sounded good, I'll keep trying....
Configuration: Windows 7 64 bit Professional, Firefox 3.6.1.6, Reader: 02Micro CCID SC Reader (Dell Latitude Notebook standard), ActivClient CAC x64 6.2.0.50
Finally, got a solution that works. Trick is to load ActivClient FIXS 1101014 that updates 6.2 to 6.2.0.108. Then you can add the DLL in Firefox as earlier described and voila, Firefox can access and authorize my CAC to the appropriate HTTPS sites. Really was getting tired of loading XP Virtual just to use my CAC. I haven't tried IE9 or other browsers at this point but as long as one browser in Windows 7 64bit works, don't care. FIXS 1101014 is available on various sites, got mine from an Army site.
In Firefox 4 this actually works fairly easily now. For 64 bit users, make sure you have the latest ActivClient version.
Menu sequence to configure this is:
- Options->Options->Advanced->Encryption (tab)
- Select Security Devices and then click on Load
- In the Module Name field Type: CAC Reader
- In the Module filename Field: select Browse:
32 bit ActivClient 6.2 computers go to: C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll
64 bit ActivClient 6.2 computers go to C:\Program Files(x86)\ActivIdentity\ActivClient\acpkcs211.dll
- Select OK. The result may prompt for your CAC PIN to import the certificates.
- Select OK to get out of this window then select: View Certificates
- When the Certificate manager opens ensure that the personal certificates have been imported. I was prompted for a Master Password at this point, this is your CAC PIN.
- Close and relaunch Firefox. Verify functionality by accessing AKO and selecting CAC Login.
- If prompted for certificate information, most likely, the root certs do not have defined exceptions within Firefox. Just select and add to complete.
- When / if prompted for Master Password, enter your 6-8 digit PIN for your CAC.
For users that need to change between certificates of their CAC card, I found in Firefox 4.x you have to import the DOD pki files. To do this follow the instructions at the URL below inside Firefox (do all 4). After successfully completing the imports, restart Firefox and when you get to a DOD website like "DISA web-mail" it will ask you to pick the certificate you would like to use. For the email certificate look at the details of each certificate and find the one that has your email address attached to it. This one you much use for all email certificate authentication.
Best Regards, Dimitri
The following is for Firefox 6.0.2, which as of 18 Sep 2011 is the current version of Mozilla Firefox, on Windows 7 Ultimate 64-bit edition.
In the past I've not been able to access DoD websites, including Army Knowledge Online (AKO) due to problems related to enabling the DoD CAC reader to work with Firefox. Since the DoD is going to CAC-ONLY access effective December 2011 (no more passwords!), it is more important to get these things working properly.
Many of the comments above were very helpful. The solution for me was a combination of the above comments. First, I installed the DoD Add-on from forge.mil, but Firefox was not recognizing my CAC reader. Then I tried manually loading the .dll, but it was saying it couldn't load it. So I tried loading the 32-bit version found in ...\Program Files(86)\... which successfully got Firefox to recognize my CAC reader, but it was not displaying my CAC certificates (and as such still wouldn't work). So finally I updated ActivClient as described above, which then imported my certificates, and the CAC reader now works in Firefox for all purposes.
Step by step instructions:
For Windows 7 Professional / Ultimate SP1 64-bit edition
1. Install the latest version of Mozilla Firefox (currently, 6.0.2 as of 9/18/11)
2. Go to the AKO and click on the "CAC Resource Center" link on the left hand side
3. Follow steps 1 through 4, up to and including downloading and installing ActivClient
4. IMPORTANT: After installing ActivClient, download the hotfix that will update version 6.2.0.50 to the latest version (currently 6.2.0.119). Firefox will not work with ActivClient 6.2.0.50. There is a link to download this hotfix under "step 4" in the CAC Resource Center. It is at the very top of the page.
5. Access http://www.forge.mil . Near the bottom of the page you will find a link next to the Firefox logo that says "Download DoD Mozilla Firefox & Thunderbird Add-ons" Click this link.
6. Scroll down and click the "Learn More" next to the appropriate option.
7. Click the download link to download the current version of the DoD add-on, currently 1.3.3, called "dod_configuration-1.3.3.xpi"
8. Run this file, which will install the Firefox root certificates and perform other required or helpful functions.
9. Close and restart Firefox.
10. Within Firefox, access menu option Tool>>Options>>Advanced and click the the button called "Security Devices"
11. Click "Load" and name your device "CAC Reader" or a similar descriptive name. Click browse and navigate to the 32-bit version of the ActivClient .dll, default is c:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll
12. IMPORTANT: even though your PC is a 64-bit machine, Firefox is still 32-bit. So, you MUST load the x86 or 32-bit version of the .dll file.
13. Click "OK" and the module should load. On the left side, a new device called "CAC Reader" will appear.
14. Close out of device manager. You should be back at the advance options tab. Click "View Certificates". You will be asked for your PIN. Enter your PIN and Firefox will pull your DOD certificates.
15. Close out of these screens and attempt to access https://www.us.army.mil and login with your CAC. At this point, it should work!
Good luck!
(edit: formatting and corrected a typo)
Wót scorpio0679