Users are prompted to download and install the S/MIME control in Outlook on the web during their first use of S/MIME. Or, users can proactively go to S/MIME in their Outlook on the web settings to get the download link for the control. For more information. S/MIME for message signing and encryption. For more detailed information about S/MIME email, please see our article, Sending Secure Email with S/MIME. Thank you for choosing SSL.com! If you have any questions, please contact us by email at [email protected], call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.
Enterprise Webmail link:In the Under Secretary of the Army memorandum regarding Enterprise Email, the @mail.mil email address is the default email address on all new CACs issued since 6 January 2014. NOTE: Between mid October 2019 and mid February 2020 everyone in the Army was migrated to PIV AUTH certificate for Email access. You no longer select the Email certificate for Enterprise Email. If you see the below message after selecting your Email certificate, there is a good chance your account has been changed to using the Authentication certificate. So, please try your Authentication certificate instead of the Email certificate. Mac users who choose to upgrade to Mac OS Catalina (10.15.x) will need to uninstall all 3rd Party CAC enablers per https://militarycac.com/macuninstall.htm ***************************************** Created a 'retiring' page dedicated to providing information for people getting ready to retire. People need to understand they will no longer have access to DoD Enterprise Email and AKO once they surrender their CAC or date of retirement (whichever happens first). Receiving something similar to below image stating 'The DNS server might be having problems. Error Code: INET_E_RESOURCE_NOT_FOUND'
Follow guidance here to change your DNS server.
Accessing https://web.mail.mil requires the steps below and an email account already created
Windows 10 users will see the certificate selection differently than older versions of Windows. Click More choices to see additional certificates. Select the correct one, and then click OK. To see the word 'Authentication, you will need to ActivID 7.1.0.153 or 7.2.1.48 Mac Users - Some of the information below will not work for you. Start here for Mac specific instructions. If Mac user is dual persona / PIV AUTH, please look here to learn how to figure out which certificate is your actual PIV certificate. Chrome users will need select the non Email certificate, if you have two look for Smart Card Login in the certificate information after clicking the Certificate information (button). Problem 1:How can I check my DoD Enterprise Email other thanOWA when I'm not in the office? INFORMATION: The DoD Enterprise Email does NOT have the ability to be accessed using Outlook or other email program on a computer that is not on the .mil or .gov network. Read the 3 lines with double dashes. This means it cannot be set it up on a personal computer using Outlook. Solution 1-1: Yes, you can forward it but, only to another .mil or .gov email address. (For all mail.mil users) Solution 1-2: Yes, use your government owned BlackBerry, iPhone, iPad, or Android device (Only for Business Class users) Solution 1-3: Yes, bring your government computer with you and use VPN (For all mail.mil users, normally only business class users) Solution 1-4: If your organization uses Citrix, you may be able to use it to login with your CAC enabled home computer and access your Outlook via the Citrix client. (Only for Business Class users) Solution 1-5: You can check your email via an iPhone or iPad using OWA or Android using a mobile CAC reader and middleware. (For all mail.mil users) Problem 2: Youreceive the following error message when attempting to access https://web.mail.mil Solution 2:You don't have an Enterprise Email account yet. Check back with your organization to find out the approximate date it will be created.All Army users will have their account created automatically within 24 hours of receiving your CAC. You can call the Army Enterprise Service Desk-Worldwide at 866-335-2769 to find out who your Entitlement Manager is for your command if you've had your CAC longer than 48 hours. Problem 3:Your Email has transitioned to Enterprise Email and your information is incorrect in the Global Address List (GAL). Solution 3-1: Picture guide created for US Army Reserve Soldiers, but will work for everyone Solution 3-2: If your rank is wrong in the GAL (examples: 1SG vs. MSG, SPC vs. CPL vs. SP4, or SGM vs. CSM), you have to visit an ID card office to get it corrected. Problem 4:Receive 'HTTP/1.1 503 Service Unavailable' when attempting to access your email via OWA. Information: This is caused when the Exchange server is down, or having problems. Solution 4:Try accessing your email at a later time Problem 5:How do I add my PIV cert to my CAC, so, I can access my email? . Solution 5: Follow guidance on PIV page . Problem 6: My calendar and times are off in my OWA calendar NOTE: It is possible when you initially set up your OWA access you selected the defaults, which included the time zone set to Zulu time. Solution 6: Click Options, See All Options.., Settings, Regional. Change Current Time Zone to your location in the world. Remember to click Save (lower right corner of screen) Problem 7:I Can't view Encrypted emails in OWA / web.mail.mil(currently or prior to receiving a new CAC). Solution 7-1: Make sure you have the S/MIME control installed. REMINDER: This is only available in Internet Explorer (32 bit). It will NOT work with the 64 bit version of Internet Explorer, Edge, Chrome, Firefox, or on Macs. Information: Browsers other than 32 bit Internet Explorer are not capable of using S/MIME in OWA, this is because it is an Active-X control. By design web browsers other than 32 bit Internet Explorer do not support Active-X (and Browser Helper Objects). An OPTION is to use DISA's Secure Access File Exchange (SAFE) (https://safe.apps.mil) if you are waiting for orders or something that has PII in it. Your unit can upload it to SAFE and you will receive a link to download the file(s) you need. NOTE: Internet Explorer 11 runs in 32 bit mode by default, so, this should not be an issue. You would have had to have selected 'Enable 64-bit processes for Enhanced Protected Mode' to run in 64 bit mode. More information can be read here. Here's how to install s/mime: Click Options, See All Options.., Settings, S/MIME, click on download the S/MIME control NOTE2: If you don't see these options, your settings may have you in 'Use the blind and low vision' mode. To verify, Select Options, Accessibility. If your screen looks like the image below, uncheck the box next to Use the blind and low vision experience. Select Save (diskette above big word accessibility), Sign out, log back into your webmail, and follow instructions above. . NOTE3: If you have problems installing the S/MIME control, make sure ActiveX Filtering in the Tools, Safety menu is unchecked, then attempt to download again. . Solution 7-2: Make sure you have your @mail.mil address on your CAC. Here's how to change / update your email address on your CAC. The process is practically identical to what you see on the PIV page. Solution 7-3: If you have recently received a new CAC, follow this guide to recover your former CAC certificate(s), NOTE: you MUST be on the military UnClassified network to access the certificate recovery websites, which means you cannot access the links from your home computer. Solution 7-4: If you are receiving a blank screen after logging into OWA, please follow this guide Problem 8:How do I get support for my Enterprise Email account? Solution 8-1 (when at Home or Work): Contact the Army Enterprise Service Desk - Worldwide by calling: 866-335-2769 24x7or go to: https://aesd-w.army.mil Solution 8-1a (Army Reserve): Contact the Army Reserve Help desk at: 844-770-3737, or [from your Army Reserve computer] go to: https://esahelp Problem 9: How do I turn off conversation view inweb.mail.mil? Solution 9: Click View, uncheckUse Conversations. Problem 10: I am over my storage limit, and I can't send any email. How can I increase my email storage capacity? DEE only gives me 512 MB, what can I do? Solution 10: Call 866-335-2769 and ask who your Entitlement Manager is for your branch of service and command. Then email them to ask to be converted to a Business Class account. NOTE: The AESD may be able to upgrade you depending on who you work for. Problem 11:How can I find out how much mailbox space I'm using in OWA? Solution 11:Hover your mouse over your name, a bubble similar to this should pop up and show you. NOTE: This only works on Windows computers Problem 12: https://namehs.weebly.com/blog/download-davinci-resolve-lite-9-mac. Receive message: 'This message can't be decrypted. If you have a smart card-based digital ID, insert the card and try to open the message again' when using OWA Solution 12:Make sure the email address on your CAC is also in your Exchange profile. NOTE: This is why Army users have @mail.mil email address on their CAC. You can update your email address by following this guidance. Problem 13:I have PCSd to a new installation / location. How do I update my information in the Mail.mil Global Address List? NOTE: when you change your Installation, this will silently move your mail account to a closer DECC to your new duty station. You can see a list of them here. Solution 13: Look at Solution 3-1 above Problem 14:How do I configure my DoD Enterprise Email when at my Government computer using Outlook? NOTE: NOT available from home computer, OWA is only option Solution 14:Follow this guide Problem 15:You can get to https://web.mail.mil with your CAC and PIN. The next screen shows your actual mail server https://web-XXXX.mail.mil/owa however, this link only timeouts. It also times out if you go straight to it. Solution 15:Follow this guide Problem 16:I live in Korea (or another foreign country) and am unable to access Mail.mil from my personal computer. What can I do? Also helps problems accessing DoD sites from the USA when receiving messages regarding DNS. Solution 16-1: Try changing your DNS server IPs and see it this works for you. Here's How in Windows to manually configure the DNS settings. 1. Right click on your Wireless / Ethernet connection (down by your clock) 2. Select Open Network and Sharing Center, or Open Network & Internet settings 3. Click Change Adapter Settings, or Change adapter options 4. Right Click on your active internet connection (example: Wi-Fi or Local Area Connection), select Properties 5. Under This connection uses the following items: scroll down and click on Internet Protocol Version 4 (TCP/IPv4), then click Properties 6. Select the option Use the following DNS server addresses:. This is where you manually configure your DNS servers: NOTE: It is up to you if you want to use Quad 9 or Cloudflare. You might try each of them separately. Quad 9 - enter 9.9.9.9 for Preferred DNS server, and leave alternate DNS server blank. Click OK, then click Close or Cloudflare - enter 1.1.1.1 for Preferred DNS server, and 1.0.0.1 for alternate DNS server. Click OK, then click Close . If you are a Spectrum customer, you may need to change the DNS on your router, changing it on the client doesn't seem to allow access for some users like the ideas above. Here's How on a Mac to manually configure the DNS settings. 1. Click Apple icon -> System Preferences, Network. 2. Select the network connection service you want to use (usually Wi-Fi or Ethernet, unless you named it something else) in the list, then click the Advanced (button). 3. Click the DNS (tab), click the (+) at the bottom of the DNS Servers list. This is where you will add DNS server IP addresses. NOTE: It is up to you if you want to use Quad 9 or Cloudflare. You might try each of them separately. Quad 9 - enter 9.9.9.9 and leave alternate DNS blank Firefox for pc 32 bit. or Cloudflare - enter 1.1.1.1 for first line and 1.0.0.1 the second line 4. When you're finished, click OK, then close the open window If you are a Spectrum customer, you may need to change the DNS on your router, changing it on the client doesn't seem to allow access for some users like the ideas above. Solution 16-2:Overseas personnel may need to try a VPN solution Solution 16-3:Contact the Army Enterprise Service Desk to let them know you are having problems. Problem 17:You are trying to updateMilConnect [are married to another Service member] and cannot get your information to show you as the Sponsor. You are probably showing up as a family member. Solution 17: Follow guide in problem 3-1 above Problem 18: I can't access my web.mail.mil email server, is the website down? Solution 18: Visit: https://status.mail.mil (use your Email or PIV cert) you may be able to find out information about the status of your DECC. Problem 19: Why am I being prompted for my PIN constantly when using Windows 10, 8 / 8.1, 7 built in smart card utility, or with ActivClient 7.0.1.x and 7.0.2.x? Solution 19: Windows 10, 8 / 8.1 built in smart card utility. DoD Enterprise Email may ask you constantly for your PIN. The only solution I've found is for you to install ActivID 7.1.0.153 Problem 20: Firefox refuses to cooperate with Mail.mil Solution 20: Follow installation guidance on Firefox page. I followed #1, #2, & #3. Problem 21: See 'The ActiveX control needs to be enabled in Internet Explorer for Outlook Web App to work correctly. Click here to sign out, enable the ActiveX control, and then sign in to Outlook Web App.' Solution 21:Follow this entire guide. Problem 22: See: 'Your S/MIME control is out of date.' Solution 22: Follow Solution above (Since the instructions they give you here are missing a step). NOTE: This will only work with Internet Explorer (32 bit), NOT the 64 bit version (or on a Mac or any other web browser) Problem 23: Receive 'Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.' Solution 23 (Windows users):Follow this information Solution 23 (Mac users): Follow these ideas Problem 24: The 'New' button does not work to create a New email (on Windows 8.1) Solution 24: The problem is incompatible Browser Mode and Document Mode. In order for IE 11 on Windows 8.1 to work with the EE-OWA, the Browser Mode can be any from IE11 (regular or Compatibility Mode) to IE7 and the Document Mode MUST be IE8 Standards or higher (e.g. IE9 Standards). Access that Menu by pressing F12. A small window will open at the bottom of the browser. The options are on the right of the Menu Bar of that small window. Problem 25: I am receiving the error message: 'No digital ID for signing has been found. If you have a smart card-based digital ID, insert the card and try to send the message again. You can also try sending the message without a digital signature.' Information: This affects users who have their AKO email address on one or both military and civilian CACs. Solution 25-1: Update / change email address on your CAC(s) to your Enterprise Email address. Solution 25-2:Visit an ID card office to have them update your email address on your CAC(s) to your DoD Enterprise Email address. Solution 25-3:Your computer still has your certificates from your former CAC, and is trying to use them instead of your new CAC certificates. Follow slide 23 in this guide to clear them. Problem 26: Web.mail.mil / OWA locks up when trying to delete a thread of email, moving messages, and dismissing reminders. NOTE: You may have received an update to Skype on your Windows computer. This update comes with Skype Click to Call (C2C). People have noticed the issue appear and also noticed phone numbers in emails suddenly appeared in blue (hyperlinks) with a Skype symbol next to them. Solution 26: Uninstall C2C and the issue with locking up OWA when deleting email threads, moving messages, and dismissing reminders will go away. Problem 27: When forwarding emails from web.mail.mil, the attachments are not showing in the message, but somehow the recipient is still getting the attachment. Solution 27: The attachment is hidden from your current view. Follow guidance in Problem 28) Problem 28: I cannot see my attachments once I add them to a new email message in OWA when using Internet Explorer 11? How do I know they are actually there before I send the email? . Solution 28-1: Add the attachment to the email you are creating. Save the email as a draft. Close the email message, reopen it. You should now see that the attachment is in the outgoing email. Solution 28-2: Use Google Chrome when sending attachments. Please know you will not be able to encrypt email when using Chrome. Solution 28-3: Make sure you have Silverlight installed (http://www.microsoft.com/getsilverlight) Solution 28-4: Follow this guide when using Internet Explorer Problem 29: Receiving a message stating: There were problems validating this signature. (More information) when trying to read encrypted or signed emails in OWA When you click on More information, you get this Solution 29:Add https://*.mail.mil to your web browser's Trusted Sites (I know this goes against other guidance on this website). Here's how: Open Internet Explorer, Tools, Internet Options, Security (tab), Trusted Sites (green checkmark), Sites (button), Copy https://*.mail.mil and paste it into the Add this website to the zone: (box), select Add, then close to get out of Trusted Sites. Other branches of the military should follow this guide Problem 30: What do the 3 letters mean after your name and before the @ sign? Example: first.m.last.mil@mail.mil Information 30: Information 30a: A PIV is comprised of your 10 digit DoD ID # followed by 6 more digits The 1st digit is the Organizational Category 1 = Federal Government Agency 2 = State Government Agency 3 = Commercial Enterprise 4 = Foreign Government Source: Paragraph 5.1.5.2.8 https://www.dmdc.osd.mil/smartcard/docs/DoD%20PIV%20Transitional%20Implementation%20Guide.pdf The 2nd through 5th are the Agency Code 2100 = Department of the Army 5700 = Department of the Air Force 1700 = Department of the Navy ![]() 1727 = Department of the Navy - US Marine Corps 9700 = Department of Defense - Other Agencies 7008 = US Coast Guard 7520 = US Public Health Service 1330 = National Oceanic and Atmospheric Administration Source: Paragraph 5.1.5.2.1 https://www.dmdc.osd.mil/smartcard/docs/DoD%20PIV%20Transitional%20Implementation%20Guide.pdf The 6th position is the Person / Organization Association Category 1 = Employee, example: NAF (Non Appropriated Funds) 2 = Civil, example: CIV / LN (Civilian / Local National) 3 = Executive Staff 4 = Uniformed Service, example: MIL (Military) 5 = Contractor CTR (Contractor) 6 = Organization Affiliate, example: NFG / Volunteer / Foreign Military (Non-Federal Government) 7 = Organization Beneficiary Source: Paragraph 5.1.5.2.10 https://www.dmdc.osd.mil/smartcard/docs/DoD%20PIV%20Transitional%20Implementation%20Guide.pdf https://namehs.weebly.com/blog/download-apple-broadband-tuner-for-mac. Problem 31: After receiving a new CAC, you receive the following message when trying to use your CAC. 'A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.' Solution 31: Your computer still has your certificates from your former CAC, and is trying to use them instead of your new CAC certificates. Follow slide 23 in this guide to clear them.
Problem 32: Receive the following error message 'Your current security settings do not allow this file to be downloaded.'
.
Solution 32: Open Internet Explorer, click Tools, Internet Options, Security (tab), select the Internet icon, click the Custom level.. (button), scroll down to the section titled Downloads and under File download make sure Enable is selected.
.
.
.
.
Problem 33: I can't access my webmail
.
Solution 33:Try disabling your Antivirus / web protection, if this works. you may need to find a compatible AV program. Sometimes this may still not work, where an actual uninstall is all that will work.
Avast users do this: Add *mail.mil* [and any other websites you can't access] to the Exclusions section of Main Settings, see image. More information about what Avast is doing can be read here.
AVG users follow their guidance by adding https://*.mail.mil to the exceptions list
Bitdefender users may need to uninstall the program and find a different Antivirus program
Kaspersky users follow their guidance by adding https://*.mail.mil to the exceptions list. Another person had to turn off the Parental controls.
-Another fix for Kaspersky users is to turn off 'Traffic Processing' under 'Network Settings'
McAfee users follow their guidance
Problem 34: Receiving 'This message contains an attachment encoded in a format that Outlook Web App doesn't recognize. Some of the information it contains may not be displayed in the message body.' when trying to open an attachment in an email using webmail.
. Solution 34: The attachment could be corrupt. Have them resend to you, they may also need to be send it unencrypted. Problem 35: Mac users are unable to add attachments to emails Solution 35: Close OWA, download and install Microsoft Silverlight from: https://www.microsoft.com/getsilverlight once installed, log back into OWA and attach your file to your email. Problem 36: You are a member of a Non Persona Entity (NPE) mailbox and need to access it via web.mail.mil Click on your name Start typing the name of the mailbox, you'll see it start to populate Problem 37: Receive error message 'One or more errors occurred while the message was being sent. Error: (0x80004003)' with Lync or Skype installed when trying to send emails in OWA. Solution 37: In Internet Explorer, click Tools, Manage Add-ons. Find and select Lync Browser Helper, click the Disable button Problem 38: Receive error message 'This message can't be decrypted because its encryption algorithm isn't supported or your digital ID can't be found. If you have a smart card-based digital ID, insert the card and try again to open the message.' or the same message followed by: 'The digital signature of this message couldn't be validated because an error occurred while the message was being loaded.' Information 38: This error can be caused by the certificate in the Global Address List does not match what is on your CAC. Commonly caused with new cards issued within 24-48 hours. Solution 38 (OWA users) part 1: Login to the Global Directory Service (GDS) at: https://dod411.gds.disa.mil/index.html (CAC required link (ID Certificate)), Enter your last name and first name, click Search. Click your underlined last name, Select Download Certificate(s) as .cer file (Non-Outlook Users). Save the file to your computer. Double click the .cer file to view the valid from and todates. Now open your IE web browser, navigate to Tools, Internet Options, Content (tab), Certificates (button), Personal (tab), Select either of your Email certificates and select View (button), if these dates do not match the other file, then the GAL has the wrong certificate for you. Solution 38 (OWA users) part 2: Follow guidance on PIV activation page to set up your Windows computer for the site. Then follow these instructions except DO NOT add a PCC to your CAC, if you do, you can try this idea, if it doesn't' work, you'll need to get a new CAC to undue it. Click in email address block, and don't change it, but select the button for changing it. After roughly 30 hours, your certificate will publish to the GAL and the errors should go away. Solution 38 (Outlook users on Government computer): Publish your certificates to the GAL using Outlook, here's how: -Outlook 2016, 2013, & 2010: File (tab), Options, Trust Center, Trust Center Settings..(button), E-mail Security, Click on Publish to GAL..(button) -Outlook 2007: Tools, Trust Center.., E-mail Security, Click on Publish to GAL..(button) Problem 39: While using OWA, you receive the following error message: 'The window couldn't be opened because pop-ups are current blocked by the browser. Would you like to open the window anyway? To avoid seeing this message in the future, turn off pop-up blocking in the settings for your browser.' Solution 39: Uncheck 'Enable 64-bit processes for Enhanced Protected Mode*' Here's where to find it: Open Internet Explorer, click Tools, Internet Options, Advanced (tab), scroll down to the the Security section. Problem 40: Receive error message 'This message can't be sent in an encrypted form because your computer doesn't work with the required encryption methods. To send the message, remove encryption. If the problem continues, contact your helpdesk.' or 'One or more errors occurred while the message was being sent. Error: (0x80040154)' Solution 40-1: If you have MalWare Bytes (MB) installed, it is blocking the VBScript from allowing you to send an email via OWA. You can right click it and close the program to see if this is what is causing your issue. If that doesn't work, try Solution 40-2 below. Solution 40-2: Open Settings, Protection (tab), Advanced Settings (button), Under the Application Hardening (tab), Uncheck Disable Internet Explorer VB Scripting (under the Browsers heading), click Apply Question: What exactly is 'Dual Persona?' Answer: The easiest way to explain is to give you an example: an Army Reserve [or National Guard] Soldier who is also a DoD civilian [or contractor] and is authorized [or required] to have / carry / use two separate CACs. We are finding that people who were previously a contractor [or civilian] during the past three years [even if they left the job a year ago] are still classified as a Dual Persona in the eyes of DMDC and DISA. Individuals that fall into this category HAVE to activate their PIV cert to be able to access their email on the DoD Enterprise Email. NOTE: Between mid October 2019 and mid February 2020 everyone in the Army was migrated to use their PIV Authentication certificate for Email access. You no longer use the Email certificate for Enterprise Email. Mac users who choose to upgrade (or already have upgraded) to Mac OS Catalina (10.15.x) will need to uninstall all 3rd Party CAC enablers per https://militarycac.com/macuninstall.htm AND reenable the built in smart card ability (very bottom of macuninstall link above) If you purchased your Mac with OS Catalina (10.15.x) already installed, you can skip the uninstall part above and follow the instructions below. 6 'high level' steps needed, follow down the page to make this a painless systematic process
Step 1: Is your CAC reader Mac friendly?
Visit the USB Readers page to verify the CAC reader you have is Mac friendly.
Visit the USB-C Readers page to verify the CAC reader you have is Mac friendly.
'Some, not all' CAC readers may need to have a driver installed to make it work.
NOTE: Readers such as: SCR-331 & SCR-3500A may need a firmware update (NO OTHER Readers need firmware updates).
Information about these specific readers are in Step 2
Step 2: Can your Mac 'see' the reader?
Plug the CAC reader into an open USB port before proceeding, give it a few moments to install
Step 2a: Click the Apple Icon in the upper left corner of the desktop, select 'About This Mac'
Step 2b: Click 'System Report..' (button)
Step 2c: Verify the CAC reader shows in Hardware, USB, under USB Device Tree. Different readers will show differently, most readers have no problem in this step. See Step 2c1 for specific reader issues.
Step 2c1: Verify firmware version on your SCR-331 or GSR-202, 202V, 203 CAC, or SCR-3500a reader. If you have a reader other than these 5, Proceed directly to step 3
Step 2c1a-SCR-331 reader
If your reader does not look like this, go to the next step.
![]()
In the 'Hardware' drop down, click 'USB.' On the right side of the screen under 'USB Device Tree' the window will display all hardware plugged into the USB ports on your Mac. Look for âSCRx31 USB Smart Card Reader.â If the Smart Card reader is present, look at 'Version' in the lower right corner of this box: If you have a number below 5.18, you need to update your firmware to 5.25. If you are already at 5.18 or 5.25, your reader is installed on your system, and no further hardware changes are required. You can now Quit System Profiler and continue to Step 3.
Step 2c1b-SCR-3500A reader
If you have the SCR3500A P/N:905430-1 CAC reader,you may need to install this driver, as the one that installs automatically will not work on most Macs. Hold the control key [on your keyboard] when clicking the .pkg file [with your mouse], select [the word] Open
Step 3: Verify which version of MacOS do you have?
(You need to know this information for step 6)
Step 3a: Click the Apple Icon in the upper left corner of your desktop and select 'About This Mac'
Step 3b: Look below Mac OS X for: Example: Version 10.X.X.
Step 4: Figure out which CAC (ID Card) you have
(You need to know this information for step 6)
Look at the top back of your ID card for these card types. If you have any version other than the six shown below, you need to visit an ID card office and have it replaced. All CACs [other than these six] were supposed to be replaced prior to 1 October 2012.
Find out how to flip card over video
Step 5: Install the DoD certificates (for Safari and Chrome Users)
Go to Keychain Access
Click: Go (top of screen), Utilities, double click Keychain Access.app
(You can also type: keychain access using Spotlight (this is my preferred method))
Select login (under Keychains),and All Items (under Category).
Download the 5 files via links below (you may need to <ctrl> click, select Download Linked File As.. on each link) Save to your downloads folder
Please know.. IF You have any DoD certificates already located in your keychain access, you will need to delete them prior to running the AllCerts.p7b file below.
https://militarycac.com/maccerts/AllCerts.p7b,
https://militarycac.com/maccerts/RootCert2.cer,
https://militarycac.com/maccerts/RootCert3.cer,
https://militarycac.com/maccerts/RootCert4.cer, and
Double click each of the files to install certificates into the login section of keychain
Microsoft S Mime Download
Select the Kind column, verify the arrow is pointing up, scroll down to certificate, look for all of the following certificates:
DOD EMAIL CA-33 through DOD EMAIL CA-34,
DOD EMAIL CA-39 through DOD EMAIL CA-44,
DOD EMAIL CA-49 through DOD EMAIL CA-52,
DOD EMAIL CA-59,
DOD ID CA-33 through DOD ID CA-34,
DOD ID CA-39 through DOD ID CA-44,
DOD ID CA-49 through DOD ID CA-52,
DOD ID CA-59
DOD ID SW CA-35 through DOD ID SW CA-38,
DOD ID SW CA-45 through DOD ID SW CA-48,
DoD Root CA 2 through DoD Root CA 5,
DOD SW CA-53 through DOD SW CA-58, and
DOD SW CA-60 through DOD SW CA-61
NOTE: If you are missing any of the above certificates, you have 2 choices,
1. Delete all of them, and re-run the 5 files above, or
2. Download the allcerts.zip file and install each of the certificates you are missing individually.
Errors:
Error 100001 Solution
Error 100013 Solution
You may notice some of the certificates will have a red circle with a white X . This means your computer does not trust those certificates
You need to manually trust the DoD Root CA 2, 3, 4, & 5 certificates
Double click each of the DoD Root CA certificates, select the triangle next to Trust, in the When using this certificate: select Always Trust, repeat until all 4 do not have the red circle with a white X.
You may be prompted to enter computer password when you close the window
Once you select Always Trust, your icon will have a light blue circle with a white + on it.
The 'bad certs' that have caused problems for Windows users may show up in the keychain access section on some Macs. These need to be deleted / moved to trash.
The DoD Root CA 2 & 3 you are removing has a light blue frame, leave the yellow frame version. The icons may or may not have a red circle with the white x
https://namehs.weebly.com/blog/dark-souls-3-mac-free-download. If you have tried accessing CAC enabled sites prior to following these instructions, please go through this page before proceeding
Clearing the keychain (opens a new page)
Please come back to this page to continue installation instructions.
Step 5a: DoD certificate installation instructions for Firefox users
NOTE: Firefox will not work on Catalina (10.15.x), or last 4 versions of Mac OS if using the native Apple smartcard ability
Download AllCerts.zip, [remember where you save it].
double click the allcerts.zip file (it'll automatically extract into a new folder)
Option 1 to install the certificates (semi automated):
From inside the AllCerts extracted folder, select all of the certificates
<control> click (or Right click) the selected certificates, select Open With, Other..
In the Enable (selection box), change to All Applications
Select Firefox, then Open
You will see several dozen browser tabs open up, let it open as many as it wants.
You will eventually start seeing either of the 2 messages shown next
If the certificate is not already in Firefox, a window will pop up stating 'You have been asked to trust a new Certificate Authority (CA).'
Check all three boxes to allow the certificate to: identify websites, identify email users, and identify software developers
or
'Alert This certificate is already installed as a certificate authority.' Click OK
Once you've added all of the certificates..
⢠Click Firefox (word) (upper left of your screen) ⢠Preferences ⢠Advanced (tab) ⢠Press Network under the Advanced Tab ⢠In the Cached Web Content section, click Clear Now (button). ⢠Quit Firefox and restart it Download's Mime Control
Option 2 to install the certificates (very tedious manual):
Click Firefox (word) (upper left of your screen)
Preferences
Advanced (tab on left side of screen)
Certificates (tab)
View Certificates (button)
Authorities (tab)
Import (button)
Browse to the DoD certificates (AllCerts) extracted folder you downloaded and extracted above.
Note: You have to do this step for every single certificate
S Mime Download For Windows 10
Note2: If the certificate is already in Firefox, a window will pop up stating: 'Alert This certificate is already installed as a certificate authority (CA).' Click OK
Note3: If the certificate is not already in Firefox, a window will pop up stating 'You have been asked to trust a new Certificate Authority (CA).'
Check all three boxes to allow the certificate to: identify websites, identify email users, and identify software developers
Once you've added all of the certificates..
⢠Click Firefox (word) (upper left of your screen) ⢠Preferences ⢠Advanced (tab) ⢠Press Network under the Advanced Tab ⢠In the Cached Web Content section, click Clear Now (button). ⢠Quit Firefox and restart it
Step 6: Decide which CAC enabler you can / want to use
Only for Mac El Capitan (10.11.x or older)
After installing the CAC enabler, restart the computer and go to a CAC enabled website
NOTE: Mac OS Sierra (10.12.x), High Sierra (10.13.x), Mojave (10.14.x) or Catalina (10.15.x) computers no longer need a CAC Enabler.
Try to access the CAC enabled site you need to access now
Mac support provided by: Michael Danberry
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |