Search MilitaryCAC:

Site Map logo

.com | .us | .ml  | .mobi | .net | .org

The Definitive Source for Everything CAC

Common Access Card help for your

Personal Linux Computer

Also available at:

Please ShareThis website with your friends and colleagues

Make a Donation button image





Linux logo


Linux support provided by Nathan Wolf


The following is a guide to assist in setting up your Linux computer to access CAC-enabled DoD websites from the general to the specific.

Install the middleware

The Linux CAC Reader stack is based on a set of middleware called PCSC (Personal Computer Smart Card), written by the MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) project.


Software packages

pcsc-lite - PCSC Smart Cards Library

pcsc-ccid - generic USB CCID (Chip/Smart Card Interface Devices) driver

            Note: Depending on your card reader you may need to install other drivers

perl-pcsc - Abstraction layer to smart card readers

pcsc-tools - Optional but highly recommended, these tools are used to test a PCSC driver, card and reader

The naming of this package / library name varies from one distribution to another depending on the package maintainer.  For example if you want to find the pcsc-lite package, enter into the search engine of your choice:

  pcsc lite yourdisribution

Replace yourdisribution with openSUSE, Fedora or Ubuntu; whatever you are running


PKCS #11 module

The original module to read PKCS #11 keys was 'Coolkey' which has been replaced by the currently required module 'CACkey', available from DISA's Linux development site:

NOTE:  A computer with working CAC authentication is required for the download. hosts both CACkey and the DoD Configuration extension, but it also needs CAC authentication to download the packages.  Easiest may be to download all on a CAC enabled computer and then transfer to the Linux machine via thumb drive. From download:

             The latest version of CACkey

             The latest version of the DoD Configuration extension for Firefox

Recommend these be stored on AKO Cloud, Dropbox, Google Drive, portable media, or other location to ensure continued access.


Configuring Firefox

Firefox requires a plug-in and some tweaking.

The plug-in is the aforementioned DoD Configuration extension for Firefox obtained from DISA

Once installed it may need configuring:

                Select from the menu, Tools > Add-ons

                Once the Add-ons page is loaded, Select Extensions > DOD Configuration [version] and click Preferences.

                Click the certificate buttons to update the certificate cache with the necessary DOD certificates, then click Redetect Smart Card Reader.

                If it fails to find the reader all is not lost--go to  or some other CAC-required site and give it a try--it often works.

If the CAC Module is not working:

                Select from the menu, Edit > Preferences > Advanced > Encryption > Security Devices

                Check the left column.  It should show an entry similar to "CAC Module" along with certificate(s) as a sub-item.  If it doesn't work then the entries are wrong.

                Select the entry and select Unload to remove the security device

                  ◦             To install / reinstall the CAC driver in Firefox using the above listed Security Devices

                Select Load on the dialog box

                Module name should be something like: DoD CAC

                Module filename: either type in or browse to the location of the drivers

                The files will be located under either: 






OpenJDK is not compatible with DBSign.  You will have to install Java from Oracle.  This varies from distribution to distribution.

See below for distribution specific information.


DoD Certificates

Available for Linux by visiting the DoD Class 3 PKI page on


External Links

Site contains CACkey and the Mozilla AddOn in order to allow Firefox to access the CAC Card through the reader

Firefox plug-in that allows you to digitally sign Gmail messages with a digital certificate from your CAC in the web interface:


Linux Debian "Etch" using GemPlus


Judson's Notes on using CAC with Linux


openSUSE Wiki DoD CAC Installation Guide

openSUSE 12.1 installation assistance

openSUSE Support Database Installing SDB:Installing Java

Linux Mint

"Olivia" installation guide  (provided by Tim Friend)
Linux Miint logo 

Linux Mint

"Petra" installation guide  (provided by Wayne Moore)
Linux Mint Petra image


Instructions for installing CAC on Ubuntu 13.04

Guide for Installing CAC on Ubuntu 12.04

Guide for Installing CAC on Ubuntu 11.04

Update to PDF immediately above regarding Ubuntu 11.10: Update about getting CACs to work on the new Ubuntu 11.10 as it is different than directions listed for Ubuntu 11.04.  In short, Coolkey will not work, CACKey must be downloaded from DISA source forge (CAC login only).  Second, the install would not work until I manually created the directory /usr/lib64 in the terminal

Ubuntu 11.04 users guide

A good step by step (with pictures) guide for setting up CAC use on Fedora (13) & Ubuntu (10.4) Linux

Ubuntu forums for CAC support & another page

Lotus Forms Viewer 8

Ubuntu forums website where you can read about configuration / utilization of your CAC.

Other Useful Links

DBSign on Linux information

Lotus Forms installation into Linux information.

Pure Edge installation into Linux information

Please note: there is still NO way to digitally sign an XFDL form in Linux.

Office 2007 installation into Linux information

QWS3270 installation into Linux information

TxSystems, Inc CAC Reader driver download page (includes drivers for Linux)



Some older links, that "may" help you:

There's a Firefox plug-in that allows you to digitally sign Gmail messages with a digital certificate from your CAC in the web interface:



 Linux Debian "Etch" using GemPlus

Another Soldier used Ubuntu 8.04 (Hardy Heron) with Mozilla's Thunderbird for email.  He used Coolkey to get the CAC reader working with Firefox, then loaded Coolkeys pkcs module into Thunderbird.



Another Ubuntu forums website where you can read about configuration / utilization of your CAC. 
Using Linux with your CAC links on Google


Linux support provided by: Noah Kalish & Nathan Wolf


If you have questions or suggestions for this site, contact Michael J. Danberry

Are you interested in subscribing to the CACNews email list?



ACRONYM Reference Page


GoDaddy Site Certified seal


Last Update or Review:  Tuesday, 17 February 2015 09:58 hrs


The following domain names all resolve to the same website:,,, &