Using your CAC on Linux requires OpenSC middleware and proper certificate configuration. This guide covers setup for Ubuntu, Fedora, and other common distributions.
Installing Required Packages
Install the smart card tools and OpenSC middleware:
Ubuntu/Debian
sudo apt update
sudo apt install opensc opensc-pkcs11 pcsc-tools libnss3-toolsFedora/RHEL
sudo dnf install opensc pcsc-tools nss-toolsStarting the Smart Card Service
Enable and start the PC/SC daemon:
sudo systemctl enable pcscd
sudo systemctl start pcscdTesting Card Reader Detection
Verify your reader and card are recognized:
pcsc_scanYou should see your reader listed and card ATR (Answer to Reset) displayed when you insert your CAC.
Installing DoD Certificates
Download and import DoD root certificates:
- Download certificates from militarycac.com
- Extract to a temporary directory
- Import to the system certificate store:
sudo cp *.cer /usr/local/share/ca-certificates/
sudo update-ca-certificatesConfiguring Firefox on Linux
Add the OpenSC PKCS#11 module to Firefox:
- Open Firefox Preferences > Privacy & Security
- Scroll to Security Devices and click the button
- Click Load and browse to: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
- Name it “CAC Module” and click OK
Chrome/Chromium on Linux
Chrome uses the NSS certificate database. Add your CAC module:
modutil -dbdir sql:$HOME/.pki/nssdb -add "CAC Module" -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.soTroubleshooting
Permission denied errors: Add your user to the scard group: sudo usermod -aG scard $USER (then log out and back in)
Reader not found: Check that pcscd service is running and your reader is in the USB device list (lsusb)
