Personal Laptop Information

The Marine Corps University (MCU) does have a Bring Your Own Device (BYOD) policy that allows all students to be able to use their own laptops and CAC enabled tablets on the provided wireless (CampusNet) network.

If you do not already have one, you will need to purchase a Department of Defense (DoD) approved Common Access Card (CAC) Reader. You will find information on how to obtain one on MilitaryCAC.com

https://militarycac.org/purchase.htm

CAC Support for MAC Users:
 

There is a quick 6 minute YouTube video from Navy Resources "How to Enable CAC on MAC" that will walk you through enabling your CAC on MAC via CACKey and MilitaryCAC.com. You may click here or if this option does not work you may manually type in the URL directly:

https://www.youtube.com/watch?v=KLTpFUGwbG4

You may find the "CAC ON YOUR Mac INSTALL CHECKLIST PAGE" on MilitaryCAC.com here:
 

https://www.militarycac.com/macnotes.htm

Another helpful link is the "DISA MAC Getting Started", you will be redirected to the DoD CYBER EXCHANGE PUBLIC webpage.
 

https://iase.disa.mil/pki-pke/getting_starte/Pages/mac.aspx

 

Here you will have the option to choose from:

DoD Cyber Exchange Public (public.cyber.mil) – This website hosts limited content available to the public and will contain unclassified content only. If you do not see content that was previously on IASE, it more than likely has moved to DoD Cyber Exchange NIPR. If you do not have a CAC with DoD Certificates, choose Public below.

DoD Cyber Exchange NIPR (cyber.mil) – This website hosts all of the content we have available and is only accessible to customers with a CAC with DoD Certificates.

NOTE: Keep in mind that you may be required to have your certificates to be reloaded if after completing the process within the video does not fix the issue. If this happens, please refer back to MilitaryCAC.com refer back to the MAC Notes:

https://militarycac.org/macnotes.htm

Then follow the instructions and download the "ALLCerts.p7b file":

https://militarycac.org/macnotes.htm

CAC Reader drivers will be need to be installed. For instructions on how to obtain refer to the MilitaryCAC.com link below:

https://militarycac.org/cacdrivers.htm

You will need to Configure the keychain for the MCU site (sso.usmcu.edu) to trust your certificates. For instructions on how to clear the login section of keychain please refer to the link below on MilitaryCAC.com:

https://militarycac.org/keychain.htm

If the user is no longer able to access MCU Gmail due to a system update or new CAC you may be required to do the following steps again from the above instructions:

• CA certificates may need to be updated or reloaded.
• CAC Reader drivers may need to be updated.
• Configure keychain for the MCU site (sso.usmcu.edu) to trust root and your email certificates

If the CAC reader does not allow you to go certain sites or is new:

1. Delete the "Keychain" for "sso.usmcu.edu".
2. Restart your MAC.
3. Configure the Root and Email certificate to always be trusted in the system configuration.
4. Try the below site again:

https://mail.google.com/a/usmcu.edu

NOTE: Firefox does not use the keychain access, it stores the files within the web browser.

Here are the instructions on how to clear them:

1. Select the 3 equal lines (upper right corner of your Firefox web browser).
2. Select: Preferences
3. Select: Advanced
4. Select: Certificates
5. Select: View Certificates
6. Select: Servers
7. Scroll down to: U.S. Government
8. Select the certificates you want to be removed, then click "Delete"...

ASSISTANCE FOR APPLE USERS and some common trouble shooting steps, please refer to the MilitaryCAC.com link:

https://militarycac.com/MacQuestions.htm#500_

CAC Support for Microsoft WINDOWS Users:

For a general Video to help you configure your Windows Computer, the link below is provided by MilitaryCAC.com:

https://militarycac.com/videos.htm#firmware
 

To get started you will need the following:

1. CAC (Please ensure you have your "Email Certificates" loaded by DEERS)
2. DoD approved CAC Reader, if you do not have one you may obtain one from the link provided at the Top of the page from MilitaryCAC.com.
3. Middleware (If necessary, depending on your operating system version)
4. Install the "InstallRoot" application to obtain the CA Certificates

For more Detailed instructions, please scroll down.

To begin you using your CAC with your Windows Laptop, please do the following:

• Get your CAC reader.
• Install the CAC Reader Drivers for more information on this, please refer to the link provided by MilitaryCAC.com:

https://militarycac.com/cacdrivers.htm

There is also a video that you will also assist you with this and you can see that here:

https://www.youtube.com/watch?time_continue=6&v=wZ002-EmTEo&feature=emb_logo

• Depending upon your device you maybe required to install certain middleware, please refer to the link provided by MilitaryCAC.com:

https://militarycac.org/USMC.htm

• Install "DoD root certificates" with InstallRoot. So for your device to recognize your CAC certificates and other DoD websites as trusted, you will need to run the "InstallRoot Utility" you may find complete instructions on the below link provided by the Defense Acquisition University (DAU):

https://www.dau.edu/faq/p/Pages/DoD-PKI-Certificates

• Make your certificates available to your operating system and/or browser if necessary:

1) For Internet Explorer 8.0 and above:

1. Navigate to Tools > Internet Options > Content and click Certificates.
2. On the Personal tab, review the list of certificates to determine if your CAC certificates are in the list. The certificates on your CAC will be issued by a DoD CA.
3. If the certificates appear in the list, you are finished. If the certificates do not appear in the list, please see the note below.

2) For Google Chrome:

1. Navigate to Tools > Options > Under the Hood and click Manage Certificates in the HTTPS/SSL section.
2. On the Personal tab, review the list of certificates to determine if your CAC certificates are in the list. The certificates on your CAC will be issued by a DoD CA.
3. If the certificates appear in the list, you are finished. If the certificates do not appear in the list, please see the note below.

NOTE: If your certificates are not in the list and you’re using ActivClient, please make sure it is installed correctly. If your certificates are not in the list and you are using other middleware, you can contact your CC/S/A for more information on the middleware requirements for your organization.

3) For FireFox:

Install Certificates from InstallRoot

1. Download and install the InstallRoot tool following the instructions in the InstallRoot User Guide or watch this video to learn how:

https://youtu.be/0zmkfTBHeYg

2. Open the InstallRoot tool and select Firefox/Mozilla/Netscape from the Select Trust Store picklist at the bottom of the window.

3. Ensure only the top Install DoD NIPRNET Certificates box is checked.

4. Click the Install button and wait for the installation to complete. Please wait until you see a confirmation dialog indicating the tool is finished.

Using CAC certificates in Firefox

These instructions will enable ActivIdentity’s ActivClient software to work within Firefox. Before proceeding, try to ensure the latest version of ActivClient is installed by going to the ActivClient website to check the latest version. Before installing the latest version, please uninstall any previous versions of ActivClient.

As of version 6.2, ActivClient by default configures Firefox to accept the CAC certificates without any additional configuration. You may use the following instructions to verify that it has been installed properly. If using an older version of ActivClient, these instructions will assist with proper configuration.

1. 1. Open Firefox
   2. Click on Tools > Options in the menu bar.
   3. In the Options window, go to Advanced > Encryption > Security Devices.
   4. In the new window, click on Load.
   5. Enter “ActivClient(CAC)” for the Module Name.
   6. Click Browse to the right of the Module Filename field. Browse to the location of the ActivClient PKCS11 library, acpkcs211.dll. This is typically located at C:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll in ActivClient 6.2, and C:\Windows\system32\acpkcs201-ns.dll in ActivClient 6.1 and earlier.
   7. Click OK, and then OK again in the confirmation window.
   8. The confirmation message will show that the security device (CAC) was loaded. CAC certificates can now be used with the browser. Click OK to close the window.

Ensure the Online Certificate Status Protocol (OCSP) is Performing Revocation Checking

With any versions of ActivClient later than 6.2, these settings will be automatically configured. However, these instructions can be used to confirm proper configuration for older versions of ActivClient.

1. 1. 1. Open Firefox
      2. Click on Tools > Options in the menu bar.
      3. In the Options window, go to Advanced > Encryption > Validation.
      4. Ensure the option Use the OCSP to confirm the current validity of certificates is checked. Also ensure When an OCSP server connection fails, treat the certificate as invalid is checked.

For some trouble shooting steps for your Windows device, the provided link below from MilitaryCAC.com has some good information:

https://militarycac.org/files/Making_AKO_work_with_Internet_Explorer_color.pdf

 

Here are some known "Undocumented" Issues:

1. Ensure the time, date, and time zone (Eastern Time) is correct on your system.
2. Make sure you are not running more than 1 anti-virus or firewall applications. An example of this is Windows Defender and McAfee.
3. MAC systems tend to require reconfiguration after a major update or OS change. Please refer to the CAC support for MAC above.
4. Ensure TLS 1.0 is enabled and disable SSL 2.0 and 3.0.
5. Recent changes on some antivirus and/or Firewall applications disable browser redirecting. Temporarily disable affecting software and try the MCU email again.