Enabling CAC Support in Firefox

 

Unlike other third-party applications, Firefox on MacOS devices does not natively support the use of CACs. Additional configuration steps are needed to enable CAC support:

Requirements   

 


Enabling System Root Trust Store for Firefox

Unlike other browsers, Firefox by default does not use MacOS built-in, system-trusted certificates. Instead Firefox maintains its own trusted root store. Beginning with version 60, Mozilla makes available an advanced setting that forces Firefox to use the systems trusted root store, and by extension the DoD root certificates that you will have installed via the NDU DoD Root Certificate Configuration Profile

To enable Firefox to trust your MacOS trusted certificates, follow these steps:

  • Open Firefox; and,
  • In the address bar type in about:config and press Return on your keyboard.

about:config in Firefox 

 

  • Click on the I accept the risk! button.

 

I accept the Risk!

 

  • In the search field, type in security.enterprise, then double click on the Preference Name security.enterprise_roots.enabled to toggle the value from false to true.

 

security.enterprise

 


Installing the PKCS11 Driver

Firefox requires the installation of a specific driver (PKCS11) for the use of CACs with DoD Sites. Follow these steps to install and enable the CAC driver for use in Firefox:

  • Click here to download the Firefox PKCS11 Driver.dmg (sha512 hash: 55d35b71a33715390b183bdd43ff4dc2b9d7481d4e8132ef954134348814fadecb4480f88cbb367cc4eca947262f29b95bc2deae96e66cb6fa80070668479af8);
  • Click on the Download button to download the disk image to your machine;
  • In the Finder, double click on the Firefox PKCS11 Driver.dmg to mount the disc image;
  • Double click on the Firefox PKCS11 Driver Signed.pkg; 
  • Click on the Continue button;
  • Click on the Install button; and,
  • Enter your administrative username and password then click the Install Software button.

The Firefox PKCS11 driver has now been installed.

 


Configuring Firefox for CAC Use

Follow these steps to enable CAC use in Firefox: 

  • Open Firefox; and, 
  • Click on the Firefox menu and select Preferences.

 

Firefox Preferences

 

  • Click on Privacy & Security on the left, and then click Security Devices.

 

Security Devices

 

  • Click on the Load button.

 

Load Security Module

 

  • Enter CAC in the Module Name Field;
  • Copy and paste /usr/local/share/centrifydc/lib/pkcs11/tokendPKCS11.so in the Module filename; and,
  • Click OK.

 

Module Load Screen

 

  • Click OK.

The Firefox PKCS11 CAC driver has now been configured.