Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

vanilla_prison

macrumors member
Original poster
Nov 18, 2020
39
77
I ordered the new Macbook Air with M1 that will be here next week. I'm looking to use it to replace my current aging Windows laptop. The only thing I foresee being an issue (hopefully this is a good place to ask this) is that I access .mil sites daily. Getting a USB-C CAC reader shouldn't be too hard, but what about the certificates needed to access these sites? Will it be fine to download the PKI's since they are browser security based, or will the ARM architecture cause issues and I will have to wait a while for a solution?
 
No bueno - got the new macbook air with Big Sur and M1 chip. Loaded certificates with no problem - all are visible in the keychain. Using SCR3310v2 USB-C reader - reader shows up in system report but the LED never turns on/flickers - looks like it is recognized but not working. Cannot access any DoD cac-enabled sites. Verified the reader works on another computer. Hoping MilitaryCaC.com posts a fix. Emailed Indentiv (cac maker) - no response yet
 
No bueno - got the new macbook air with Big Sur and M1 chip. Loaded certificates with no problem - all are visible in the keychain. Using SCR3310v2 USB-C reader - reader shows up in system report but the LED never turns on/flickers - looks like it is recognized but not working. Cannot access any DoD cac-enabled sites. Verified the reader works on another computer. Hoping MilitaryCaC.com posts a fix. Emailed Indentiv (cac maker) - no response yet
Resqdoc, did you happen to get an update on this?

thanks for your time
 
My guess is that it will be a while before the M1 Macs are permissible for sensitive government use. The government needs to test the security protocols and identify and patch vulnerabilities.
 
Okeydokey, thank your very much for looking into this 😀
Got things working!
First, I used the Mac transfer utility to move my old macbook image to the new one - that is what started the problem.
I had Thursby PKard installed and it transferred over.
I uninstalled PKard and then uninstalled all SCM drivers for the Identiv smart card readers.
Emptied trash
Re-booted
Macbook recognized smart card reader and CAC - no problems accessing sites now!
 
Got things working!
First, I used the Mac transfer utility to move my old macbook image to the new one - that is what started the problem.
I had Thursby PKard installed and it transferred over.
I uninstalled PKard and then uninstalled all SCM drivers for the Identiv smart card readers.
Emptied trash
Re-booted
Macbook recognized smart card reader and CAC - no problems accessing sites now!
Awesome, thank you very much for the update and steps to install on my air!

have a Merry Christmas!
 
  • Like
Reactions: vanilla_prison
Got my M1 Air a while ago, but I was actually at BLC and couldn’t take advantage of it. Now I’m back and can confirm that everything appears to be working just fine on it. All .mil sites I need (ones that work outside of NIPR at least), do work just fine using the same old instructions for previous macs. Quick bump and recap for anyone who might see/need that info.
 
I ordered the new Macbook Air with M1 that will be here next week. I'm looking to use it to replace my current aging Windows laptop. The only thing I foresee being an issue (hopefully this is a good place to ask this) is that I access .mil sites daily. Getting a USB-C CAC reader shouldn't be too hard, but what about the certificates needed to access these sites? Will it be fine to download the PKI's since they are browser security based, or will the ARM architecture cause issues and I will have to wait a while for a solution?
Support for CAC Smartcards is inherent in the OS, regardless of architecture. I'd say the only areas where you might have issue is if you're using a third party program for the Mac that programs the cards and that program is finnicky in Rosetta 2 or just won't run on Apple Silicon Macs at all. But I feel like that's somewhat unlikely.
 
  • Haha
Reactions: Hexley
Got things working!
First, I used the Mac transfer utility to move my old macbook image to the new one - that is what started the problem.
I had Thursby PKard installed and it transferred over.
I uninstalled PKard and then uninstalled all SCM drivers for the Identiv smart card readers.
Emptied trash
Re-booted
Macbook recognized smart card reader and CAC - no problems accessing sites now!
Hi there , I’m new to Mac and I am trying to make mine work on military sites. Can you point me in the right direction as far as steps?
 
Got things working!
First, I used the Mac transfer utility to move my old macbook image to the new one - that is what started the problem.
I had Thursby PKard installed and it transferred over.
I uninstalled PKard and then uninstalled all SCM drivers for the Identiv smart card readers.
Emptied trash
Re-booted
Macbook recognized smart card reader and CAC - no problems accessing sites now!
I can't seem to get it.
wonder if this has something to do with it.
 

Attachments

  • Screen Shot 2021-07-17 at 7.58.29 PM.png
    Screen Shot 2021-07-17 at 7.58.29 PM.png
    825.2 KB · Views: 410
I ordered the new Macbook Air with M1 that will be here next week. I'm looking to use it to replace my current aging Windows laptop. The only thing I foresee being an issue (hopefully this is a good place to ask this) is that I access .mil sites daily. Getting a USB-C CAC reader shouldn't be too hard, but what about the certificates needed to access these sites? Will it be fine to download the PKI's since they are browser security based, or will the ARM architecture cause issues and I will have to wait a while for a solution?

-No issues on CAC (I've worked with the readers prior without issue)
-No issues with certificates (at the level you speak it's largely agnostic/various kernel based signed cert generation are covered. All big PC makers will include all the known CAs and their roots. However, you may need to import the DOD Root. That's not an Apple thing, PCs straight from the MFG won't come with the DOD root. But servers/sites in the public domain won't be dealing with DOD CA. That'll be for visiting servers within the .mil domain).
-Visiting sites will not be an issue (except for the DOD root issue mentioned above, any issues would largely be determined by <dept>.mil domain policy on which browsers you can use and what extensions can run. Some sites may not be allowed...some FTPs will be blocked even on SipR).

Best of luck...

EDIT: sorry didn't see the latest post :). I'm not following the issue. You insert your ID into the CAC reader and you are able to now see the computer's desktop, correct? If that is the case then you are past the local machine login security, correct?

You said you have installed the DOD root. You likely have a <your dept.>.mil HR announcement webpage, can you browse to that after getting by local machine security("local machine": though it is DC based security)? If all that is correct then what specifically is happening from there? If you browse to a common website, Apple.com, what happens?

FIPS gets into another bag of fun. MFGs have to make SW/HW up to latest FIPS standard. This is just for SipR net?
 
Last edited:
  • Like
Reactions: satcomer
Howdy Folks,

The only issue you could run into, is drivers for the CAC Reader itself. if macOS detects the reader and installs a compatible driver, it will just work (assuming your browser is supported). Websites, military or otherwise are architecture agnostic, they don't care what architecture you are on, and don't even care what OS you are on. As long as your browser is standards compliant, and all needed hardware has drivers, you should be good-to-go :)

For folks coming from the Windows world, you normally don't install drivers under macOS as you would with Windows. macOS comes with the majority of supported drivers out-of-the-box. With the new M1 SOC, you might find drivers for esoteric or some niche items (such as some CAC readers) are non-existent. Send a support note to the vendor of the CAC Reader, they should be able to sort that out, assuming they want to support macOS Big Sur going forward.

Rich S.
 
  • Like
Reactions: satcomer
I need to use CAC just for the purpose of getting to an LES, on my M1 MacBook Pro

Would someone recommend the best or favorite USB-C CAC reader that's been verified to work easily with included drivers for this laptop?
 
I need to use CAC just for the purpose of getting to an LES, on my M1 MacBook Pro

Would someone recommend the best or favorite USB-C CAC reader that's been verified to work easily with included drivers for this laptop?

works great on my 13" m1 mbp.

militarycac.com has all the necessary steps for getting all the correct certificates.
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.