Apple Support: Enabling CAC Support in Firefox

This article details how to enable CAC support in Firefox for macOS.

Unlike other third-party applications, Firefox on macOS does not natively support the use of CAC. Additional configuration steps are needed to enable CAC support.

Requirements

Enabling System Root Trust Store for Firefox

Unlike other browsers, Firefox by default does not use the macOS built-in system trusted certificates. Instead, Firefox maintains its own trusted root store. Beginning with version 60, Mozilla makes available an advanced setting to force Firefox to use the system's trusted root store, and by extension the DoD root certificates that were installed via configuration profile.

To enable Firefox to trust your macOS trusted certificates, follow these steps:

  • Open Firefox
  • In the address bar type in about:config and press Return on your keyboard

 
  • Click on the I accept the risk! button

 
  • In the search field, type in security.enterprise, then double click on the Preference Name security.enterprise_roots.enabled to toggle the value from false to true

 

Install PKCS11 Driver

Firefox requires the use of a driver (PKCS11) in order to use the CAC with DoD Sites. Follow these steps to install and enable the CAC driver for use in Firefox:

  • Access the keychain-pkcs11 driver at https://github.com/kenh/keychain-pkcs11/releases
  • Download the current release (as of this writing, keychain-pkcs11-0.9.5.pkg)
  • Double click on the keychain-pkcs11-0.9.5.pkg
  • Click on the Continue button
  • Click on the Install button
  • Enter your administrative username and password then click the Install Software button

The Firefox PKCS11 driver has now been installed.

Configure Firefox to use CAC

Follow these steps to enable Firefox to use CAC:

  • Open Firefox
  • Click on the Firefox menu and select Preferences…

 
  • Click on Privacy & Security on the left, and then click Security Devices…

 
  • Click on the Load button

 
  • Enter PIV in the Module Name field
  • Copy and paste /usr/local/lib/keychain-pkcs11.dylib into the Module filename field
  • Click OK

 
  • Click OK

The Firefox PKCS11 CAC driver has now been configured.
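
The two settings above can be checked from Terminal afterwards. The script below is an added example, not part of the original article or the keychain-pkcs11 project; it assumes Firefox records the changed preference in prefs.js and the loaded module in pkcs11.txt inside the profile folder, and the function names and sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Firefox profile for the two settings in this article.
EXPECTED_LIB="/usr/local/lib/keychain-pkcs11.dylib"   # module path from the article

# True when prefs.js sets security.enterprise_roots.enabled to true.
enterprise_roots_enabled() {
    grep -Eq '^user_pref\("security\.enterprise_roots\.enabled", *true\);' \
        "$1/prefs.js" 2>/dev/null
}

# Prints ok, mismatch or missing for the keychain-pkcs11 entry in pkcs11.txt.
# "mismatch" means a library= line names the driver but is not byte-for-byte
# the expected path, e.g. invisible characters came along with a copy/paste.
pkcs11_status() {
    [ -f "$1/pkcs11.txt" ] || { echo missing; return 0; }
    libs=$(sed -n '/^library=$/d; s/^library=//p' "$1/pkcs11.txt")
    if printf '%s\n' "$libs" | grep -Fxq "$EXPECTED_LIB"; then
        echo ok
    elif printf '%s\n' "$libs" | grep -Fq "keychain-pkcs11"; then
        echo mismatch
    else
        echo missing
    fi
}

# Returns 0 only when both settings are in place; prints a one-line summary.
audit_profile() {
    rc=0
    if enterprise_roots_enabled "$1"; then roots=enabled; else roots=disabled; rc=1; fi
    module=$(pkcs11_status "$1")
    [ "$module" = ok ] || rc=1
    echo "enterprise_roots=$roots pkcs11_module=$module"
    return "$rc"
}

# Writes a constructed sample profile into directory $1 (not real user data).
# $2 is appended to the library path so a bad paste can be simulated.
make_sample_profile() {
    mkdir -p "$1"
    printf 'user_pref("security.enterprise_roots.enabled", true);\n' > "$1/prefs.js"
    printf 'library=\nname=NSS Internal PKCS #11 Module\n\nlibrary=%s%s\nname=PIV\n' \
        "$EXPECTED_LIB" "$2" > "$1/pkcs11.txt"
}

# Audit the profile directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_profile "$1"; fi
```

Pass the profile folder as the argument, for example a folder under ~/Library/Application Support/Firefox/Profiles. A mismatch result means the module should be unloaded in Security Devices and loaded again with the path typed by hand.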