Linux CAC Guide

Using your CAC on Linux requires OpenSC middleware and proper certificate configuration. This guide covers setup for Ubuntu, Fedora, and other common distributions.

Installing Required Packages

Install the smart card tools and OpenSC middleware:

Ubuntu/Debian

sudo apt update
sudo apt install opensc opensc-pkcs11 pcsc-tools libnss3-tools

Fedora/RHEL

sudo dnf install opensc pcsc-tools nss-tools

Starting the Smart Card Service

Enable and start the PC/SC daemon:

sudo systemctl enable pcscd
sudo systemctl start pcscd

Testing Card Reader Detection

Verify your reader and card are recognized:

pcsc_scan

You should see your reader listed and card ATR (Answer to Reset) displayed when you insert your CAC.

Installing DoD Certificates

Download and import DoD root certificates:

1. Download certificates from militarycac.com
2. Extract to a temporary directory
3. Import to the system certificate store:

sudo cp *.cer /usr/local/share/ca-certificates/
sudo update-ca-certificates

Configuring Firefox on Linux

Add the OpenSC PKCS#11 module to Firefox:

1. Open Firefox Preferences > Privacy & Security
2. Scroll to Security Devices and click the button
3. Click Load and browse to: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
4. Name it “CAC Module” and click OK

Chrome/Chromium on Linux

Chrome uses the NSS certificate database. Add your CAC module:

modutil -dbdir sql:$HOME/.pki/nssdb -add "CAC Module" -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

Troubleshooting

Permission denied errors: Add your user to the scard group: sudo usermod -aG scard $USER (then log out and back in)

Reader not found: Check that pcscd service is running and your reader is in the USB device list (lsusb)