This is a quick guide to getting Apache CAC (or other x509) client certificate enabled -and is directed at Mac, although most of this is probably most flavors of Linux.Much of this is all attributed to the following references, and for the most part acts as a fill-in the gapsfor me.

First get SSL running. A self-signed cert will suffice.

12) The PIV Update window displays ^Your CAC has been successfully updated. Great, your PIV-Auth (Authentication) Certificate is now activated (added to your CAC)! No further action is required at this time. /korg-polysix-vst-free-download.html. Further guidance for using the new Authentication certificate will be announced via ALCOAST by April 2020. I will teach you how to gain CAC access to military websites if you are a DOD employee. This works for all branches of service.

Set up SSL https://gist.github.com/jonathantneal/774e4b0b3d4d739cbc53

Military Cac For Mac No Client Certificate Presented As A

• out of the box, appears to only not complain in Safari [good enough for the moment]

Cac Card No Client Certificate Present

• Grab the bundled certificates
• From the README, openssl pkcs7 -in Certificates_PKCS7_v5.0u1_DoD.pem.p7b -print_certs -out DoD_CAs.pem

The generated DoD_CAs.pem will be your CA file referenced from Apache.

• There are a bunch of other interesting tools:http://iase.disa.mil/pki-pke/Pages/tools.aspx

In a perfect world, you will need to set-up and maintain an revocation list (not yet done). The above referenced CAC HowToshave more details regarding that. The DoD maintained revocation list, however, is https://crl.gds.disa.mil/

This will open up a non-secured port 80 host. Its probably best to direct this somewhere thatyou are not trying to have authenticated login, as it stands, it is wide open.

This SSL section is where all the magic happens for the CAC Auth