How to Set Up a CAC Reader on Mac in 2026

Setting up a CAC reader on a Mac used to be a nightmare. Apple has made things somewhat easier over the past couple of years, but there are still a few gotchas that trip people up. Here’s a straightforward walkthrough for getting your Common Access Card working on macOS in 2026.

What You Need Before You Start

You’ll need three things: a compatible CAC reader (USB, plugged directly into your Mac or through a reliable hub), your CAC card itself, and about 20 minutes. The good news is that macOS now includes native smart card support through CryptoTokenKit, so you no longer need to install third-party middleware in most cases.

Make sure your macOS version is current. Apple regularly updates the smart card framework, and running an older version can cause certificate recognition problems that look like hardware failures.

Step 1: Plug In and Verify

Connect your CAC reader to your Mac. Open System Information (Apple menu > About This Mac > More Info > System Report) and look under USB. Your reader should appear in the device list. If it doesn’t show up, try a different port or cable. USB-C hubs can be finicky — if possible, use a direct USB-A to USB-C adapter rather than a multi-port hub for your first setup.

Step 2: Insert Your Card and Check Recognition

Insert your CAC card into the reader with the chip facing up (or toward the reader contacts — it varies by model). Open Keychain Access from Applications > Utilities. You should see your CAC certificates appear in the login keychain or a separate smart card keychain. Look for your name and DoD certificates.

If nothing appears, open Terminal and type: security list-smartcards. This will tell you whether macOS detects a smart card at all. No output means the system isn’t seeing your card.

Step 3: Install DoD Certificates

This is the step most guides rush through. You need the DoD root certificates installed in your system keychain for your browser to trust DoD websites. Head to the DoD Cyber Exchange website (public side) and download the latest DoD certificate bundle. It’s usually labeled “InstallRoot” or similar.

Run the installer package. It will add the DoD root and intermediate CA certificates to your System keychain. You’ll need to enter your Mac admin password. After installation, open Keychain Access, select System Roots, and verify you see certificates from “DoD Root CA” entries.

Step 4: Browser Configuration

Safari works natively with CryptoTokenKit and usually needs no extra configuration. Just navigate to a CAC-enabled site and Safari will prompt you to select a certificate and enter your PIN.

Chrome also uses the macOS keychain and should work similarly. If Chrome doesn’t prompt for your certificate, go to chrome://settings/certificates and verify the DoD certs are visible.

Firefox is the outlier. It uses its own certificate store, not the system keychain. You’ll need to go to Firefox Settings > Privacy & Security > Certificates > Security Devices, then load the CryptoTokenKit module manually. This step trips up a lot of people who use Firefox as their default browser.

Common Problems and Fixes

If you get a “certificate not trusted” error, your DoD root certs are either missing or outdated. Re-download and reinstall them. If your PIN prompt never appears, the smart card service might need a restart — try removing and reinserting the card. If you’re on a managed Mac through your organization, check whether your IT department has specific configuration profiles that need to be installed first.

One last thing: if you upgraded macOS recently and everything broke, that’s normal. Major macOS updates occasionally reset smart card preferences. Walk through these steps again after any OS upgrade and you’ll be back in business.