This article details how to enable CAC support in Firefox for macOS.
Unlike other third-party applications, Firefox on macOS does not natively support the use of CAC. Additional configuration steps are needed to enable CAC support.
Enabling System Root Trust Store for Firefox
Unlike other browsers, Firefox by default does not use the macOS built-in system trusted certificates. Instead, Firefox maintains its own trusted root store. Beginning with version 60, Mozilla makes available an advanced setting that forces Firefox to use the system's trusted root store, and by extension the DoD root certificates that were installed via configuration profile.
To enable Firefox to trust your macOS trusted certificates, follow these steps:
- Open Firefox
- In the address bar type in about:config and press Return on your keyboard
- Click on the I accept the risk! button
- In the search field, type in security.enterprise, then double click on the Preference Name security.enterprise_roots.enabled to toggle the value from false to true
Install PKCS11 Driver
Firefox requires the use of a driver (PKCS11) in order to use the CAC with DoD Sites. Follow these steps to install and enable the CAC driver for use in Firefox:
- Access the keychain-pkcs11 driver at https://github.com/kenh/keychain-pkcs11/releases
- Download the current release (keychain-pkcs11-0.9.5.pkg as of this writing)
- Double click on the keychain-pkcs11-0.9.5.pkg
- Click on the Continue button
- Click on the Install button
- Enter your administrative username and password then click the Install Software button
The Firefox PKCS11 driver has now been installed.
Configure Firefox to use CAC
Follow these steps to enable Firefox to use CAC:
- Open Firefox
- Click on the Firefox menu and select Preferences…
- Click on Privacy & Security on the left, and then click Security Devices…
- Enter PIV in the Module Name Field
- Copy and paste /usr/local/lib/keychain-pkcs11.dylib into the Module filename field
- Click OK
The Firefox PKCS11 CAC driver has now been configured.
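To confirm from Terminal that both settings above were applied, the following script audits each Firefox profile. It is an added example, not part of the original article or the keychain-pkcs11 project. It assumes profiles live under ~/Library/Application Support/Firefox/Profiles, that user-set preferences are stored in prefs.js, and that security devices are recorded in pkcs11.txt inside each profile.

```shell
#!/bin/sh
# Added example: audit Firefox profiles for the two settings configured above.
# Assumed (not from the article): prefs.js and pkcs11.txt inside each profile.

MODULE_PATH="/usr/local/lib/keychain-pkcs11.dylib"   # path given in the article

# Prints "enabled", "disabled" or "unset" for security.enterprise_roots.enabled.
# "unset" means the user never changed it, so the Firefox default applies.
enterprise_roots_state() {
    prefs="$1/prefs.js"
    [ -f "$prefs" ] || { echo "unset"; return; }
    line=$(grep -F '"security.enterprise_roots.enabled"' "$prefs" | tail -n 1)
    case "$line" in
        *true*)  echo "enabled" ;;
        *false*) echo "disabled" ;;
        *)       echo "unset" ;;
    esac
}

# Prints "registered" if pkcs11.txt has a library= entry for MODULE_PATH.
pkcs11_module_state() {
    db="$1/pkcs11.txt"
    if [ -f "$db" ] && grep -qxF "library=$MODULE_PATH" "$db"; then
        echo "registered"
    else
        echo "missing"
    fi
}

# Prints a one-line report; returns 0 only when both settings are in place.
audit_profile() {
    roots=$(enterprise_roots_state "$1")
    module=$(pkcs11_module_state "$1")
    echo "$1: enterprise_roots=$roots pkcs11_module=$module"
    [ "$roots" = "enabled" ] && [ "$module" = "registered" ]
}

# Audit every profile of the current user (assumed default location).
for p in "$HOME/Library/Application Support/Firefox/Profiles"/*; do
    [ -d "$p" ] || continue
    audit_profile "$p" || echo "  -> repeat the steps above for this profile"
done
```

Quit Firefox before running the script so that pending preference changes have been written to disk.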