How to set up Smart Cards and Digital Certificates in Firefox/Chrome

[johnsonmt01]

For any US GOV-affiliated individuals teleworking with a requirement to access smart card-enabled websites, and not interested in using a company-issued Windows laptop, here's how to set up your browsers.

1. Download DoD certificates from http://militarycac.com/maccerts/AllCerts.zip

2. Open a terminal and run "sudo apt install libccid libpcsc-perl libpcsclite-dev libpcsclite1 pcsc-tools pcscd". These are drivers and smart card middleware.

3. Also run "sudo apt install opensc opensc-pkcs11". These are smart card utilities.

4. Open Firefox and go to about:preferences#privacy, then View Certificates.

5. Under the Authorities tab, import your required certificates from AllCerts.zip. Be sure to select both Trust boxes for each certificate. Close View Certificates when complete.

6. Open Security Devices. Select load, then enter DODCAC for the module name, or your name of choice. For module filename, navigate to "/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so"

7. Select OK. Close settings and test on a smart card-enabled website.

8. I like to separate casual browsing in Firefox and Office 365 access in Chromium. Teams also functions better there. To enable smart card access in Chromium, continue with these steps.

9. Open a terminal and run "sudo apt install libnss3-tools"

10. When this is complete, enter "modutil -dbdir sql:.pki/nssdb/ -add DODCAC -libfile /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so"

11. Note that this references the module name you used in Firefox, as well as the location of the module file.

12. Once you see "Module "DODCAC" added to database," close the terminal and test a smart card-enabled site in Chromium.