Personal Laptop Information

 

 

The Marine Corps University (MCU) does have a Bring Your Own Device (BYOD) policy that allows all students to be able to use their own laptops and CAC enabled tablets on the provided wireless (CampusNet) network.

The Marine Corps University Information Technology (MCU IT) Helpdesk can provide handouts and web link for students so that they can walk themselves through the setup process. If the student or staff is unable to properly configure his/her device, a MCU IT technician can assist if no other IT related priorities exist. Please note that the MCU Technology Department will not become liable for information lost or hardware damage.
 

If you do not already have one, you will need to purchase a Department of Defense (DoD) approved Common Access Card (CAC) Reader. You will find information on how to obtain one on MilitaryCAC.com.

 

CAC Support for MAC Users:

There is a quick 6 minute YouTube video from Navy Resources "How to Enable CAC on MAC" that will walk you through enabling your CAC on MAC via CACKey and MilitaryCAC.com.

You may find the "CAC ON YOUR Mac INSTALL CHECKLIST PAGE" on MilitaryCAC.com here.

Here you will have the option to choose from:

DoD Cyber Exchange Public (public.cyber.mil) – This website hosts limited content available to the public and will contain unclassified content only. If you do not see content that was previously on IASE, it more than likely has moved to DoD Cyber Exchange NIPR. If you do not have a CAC with DoD Certificates, choose Public below.

DoD Cyber Exchange NIPR (cyber.mil) – This website hosts all of the content we have available and is only accessible to customers with a CAC with DoD Certificates.

NOTE: Keep in mind that you may be required to have your certificates to be reloaded if after completing the process within the video does not fix the issue. If this happens, please refer back to MilitaryCAC.com.

Then follow the instructions and download the "ALLCerts.p7b file".

CAC Reader drivers will be need to be installed. For instructions on how to obtain refer to the MilitaryCAC.com.

You will need to Configure the keychain for the MCU site (sso.usmcu.edu) to trust your certificates. For instructions on how to clear the login section of keychain please refer to MilitaryCAC.com.

 

If the user is no longer able to access MCU Gmail due to a system update or new CAC you may be required to do the following steps again from the above instructions:

  • CA certificates may need to be updated or reloaded.
  • CAC Reader drivers may need to be updated.
  • Configure keychain for the MCU site (sso.usmcu.edu) to trust root and your email certificates

 

If the CAC reader does not allow you to go certain sites or is new:

  1. Delete the "Keychain" for "sso.usmcu.edu".
  2. Restart your MAC.
  3. Configure the Root and Email certificate to always be trusted in the system configuration.
  4. Try Gmail again
 
NOTE: Firefox does not use the keychain access, it stores the files within the web browser.
Here are the instructions on how to clear them:
  1. Select the 3 equal lines (upper right corner of your Firefox web browser).
  2. Select: Preferences
  3. Select: Advanced
  4. Select: Certificates
  5. Select: View Certificates
  6. Select: Servers
  7. Scroll down to: U.S. Government
  8. Select the certificates you want to be removed, then click "Delete"...

 

 

CAC Support for Microsoft WINDOWS Users:

To get started you will need the following:

  1. CAC (Please ensure you have your "Email Certificates" loaded by DEERS)
  2. DoD approved CAC Reader, if you do not have one you may obtain one from the link provided at the Top of the page from MilitaryCAC.com.
  3. Middleware (If necessary, depending on your operating system version)
  4. Install the "InstallRoot" application to obtain the CA Certificates

For more Detailed instructions, please scroll down.

 

To begin you using your CAC with your Windows Laptop, please do the following:

  • Get your CAC reader.
  • Use the following link "InstallRoot 5.5 NIPR 64-bit Windows Installer", you will be redirected to the DoD CYBER EXCHANGE PUBLIC webpage.
  • Install "DoD root certificates" with InstallRoot. So for your device to recognize your CAC certificates and other DoD websites as trusted, you will need to run the "InstallRoot Utility" you may find complete instructions on the below link provided by the Defense Acquisition University (DAU)..

NOTE: Depending upon your device you maybe required to install certain middleware, please refer to the link provided by MilitaryCAC.com.

 

Make your certificates available to your operating system and/or browser if necessary:

Google Chrome:

  1. Navigate to Tools > Options > Under the Hood and click Manage Certificates in the HTTPS/SSL section.
  2. On the Personal tab, review the list of certificates to determine if your CAC certificates are in the list. The certificates on your CAC will be issued by a DoD CA.
  3. If the certificates appear in the list, you are finished. If the certificates do not appear in the list, please see the note below.

NOTE: If your certificates are not in the list and you’re using ActivClient, please make sure it is installed correctly. If your certificates are not in the list and you are using other middleware, you can contact your CC/S/A for more information on the middleware requirements for your organization.

 

FireFox:

  1. Download and install the InstallRoot tool following the instructions in the InstallRoot User Guide or watch this video to learn how.

2. Open the InstallRoot tool and select Firefox/Mozilla/Netscape from the Select Trust Store picklist at the bottom of the window.

3. Ensure only the top Install DoD NIPRNET Certificates box is checked.

4. Click the Install button and wait for the installation to complete. Please wait until you see a confirmation dialog indicating the tool is finished.

 

Using CAC certificates in Firefox

These instructions will enable ActivIdentity’s ActivClient software to work within Firefox. Before proceeding, try to ensure the latest version of ActivClient is installed by going to the ActivClient website to check the latest version. Before installing the latest version, please uninstall any previous versions of ActivClient.

As of version 6.2, ActivClient by default configures Firefox to accept the CAC certificates without any additional configuration. You may use the following instructions to verify that it has been installed properly. If using an older version of ActivClient, these instructions will assist with proper configuration.

    1. Open Firefox
    2. Click on Tools > Options in the menu bar.
    3. In the Options window, go to Advanced > Encryption > Security Devices.
    4. In the new window, click on Load.
    5. Enter “ActivClient(CAC)” for the Module Name.
    6. Click Browse to the right of the Module Filename field. Browse to the location of the ActivClient PKCS11 library, acpkcs211.dll. This is typically located at C:\Program Files (x86)\ActivIdentity\ActivClient\acpkcs211.dll in ActivClient 6.2, and C:\Windows\system32\acpkcs201-ns.dll in ActivClient 6.1 and earlier.
    7. Click OK, and then OK again in the confirmation window.
    8. The confirmation message will show that the security device (CAC) was loaded. CAC certificates can now be used with the browser. Click OK to close the window.

 

Ensure the Online Certificate Status Protocol (OCSP) is Performing Revocation Checking

With any versions of ActivClient later than 6.2, these settings will be automatically configured. However, these instructions can be used to confirm proper configuration for older versions of ActivClient.

      1. Open Firefox
      2. Click on Tools > Options in the menu bar.
      3. In the Options window, go to Advanced > Encryption > Validation.
      4. Ensure the option Use the OCSP to confirm the current validity of certificates is checked. Also ensure When an OCSP server connection fails, treat the certificate as invalid is checked.

 

For some trouble shooting steps for your Windows device, the provided link from MilitaryCAC.com has some good information.
 

 

Here are some known "Undocumented" Issues:

  1. Ensure the time, date, and time zone (Eastern Time) is correct on your system.
  2. Make sure you are not running more than 1 anti-virus or firewall applications. An example of this is Windows Defender and McAfee.
  3. MAC systems tend to require reconfiguration after a major update or OS change. Please refer to the CAC support for MAC above.
  4. Ensure TLS 1.0 is enabled and disable SSL 2.0 and 3.0.
  5. Recent changes on some antivirus and/or Firewall applications disable browser redirecting. Temporarily disable affecting software and try the MCU email again.