Unlike other third-party applications, Firefox on MacOS devices does not natively support the use of CACs. Additional configuration steps are needed to enable CAC support:
Enabling System Root Trust Store for Firefox
Unlike other browsers, Firefox by default does not use MacOS built-in, system-trusted certificates. Instead Firefox maintains its own trusted root store. Beginning with version 60, Mozilla makes available an advanced setting that forces Firefox to use the systems trusted root store, and by extension the DoD root certificates that you will have installed via the NDU DoD Root Certificate Configuration Profile.
To enable Firefox to trust your MacOS trusted certificates, follow these steps:
- Open Firefox; and,
- In the address bar type in about:config and press Return on your keyboard.
- Click on the I accept the risk! button.
- In the search field, type in security.enterprise, then double click on the Preference Name security.enterprise_roots.enabled to toggle the value from false to true.
Installing the PKCS11 Driver
Firefox requires the installation of a specific driver (PKCS11) for the use of CACs with DoD Sites. Follow these steps to install and enable the CAC driver for use in Firefox:
- Click here to download the Firefox PKCS11 Driver.dmg (sha512 hash: 55d35b71a33715390b183bdd43ff4dc2b9d7481d4e8132ef954134348814fadecb4480f88cbb367cc4eca947262f29b95bc2deae96e66cb6fa80070668479af8);
- Click on the Download button to download the disk image to your machine;
- In the Finder, double click on the Firefox PKCS11 Driver.dmg to mount the disc image;
- Double click on the Firefox PKCS11 Driver Signed.pkg;
- Click on the Continue button;
- Click on the Install button; and,
- Enter your administrative username and password then click the Install Software button.
The Firefox PKCS11 driver has now been installed.
Configuring Firefox for CAC Use
Follow these steps to enable CAC use in Firefox:
- Open Firefox; and,
- Click on the Firefox menu and select Preferences.
- Click on Privacy & Security on the left, and then click Security Devices.
- Click on the Load button.
- Enter CAC in the Module Name Field;
- Copy and paste /usr/local/share/centrifydc/lib/pkcs11/tokendPKCS11.so in the Module filename; and,
- Click OK.
The Firefox PKCS11 CAC driver has now been configured.