CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart
UNCLASSIFIED
DoD Public Key Enablement (PKE) Quick Reference Guide (QRG)
CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application
Version 1.0 9/17/2012
Contact: [email protected]
URL: http://iase.disa.mil/pki-pke
This guide provides step-by-step instructions for initial setup and basic CAC-enabled web browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application (App). These instructions were generated using an iPhone 4S running iOS version 5.1.1 and the PKard Reader app version 1.0. The PKard Reader SCR was model TSS-PK1 and ran firmware version 1.0.0.
Initial Setup
Step 1
Connect the SCR to the 30-pin port at the bottom of the iPhone and insert the CAC.
Step 2
From the iPhone, press the PKard Reader icon to start the application.
Step 3
If this is the first time the device has run the PKard Reader App, it will prompt you to register the product. Press No Thanks.
Step 4
If this is the first time the device has run the PKard Reader App, it will prompt you to import Bookmarks from a pre-compiled list of known CAC-Enabled websites that are interoperable with the PKard Reader App. For ease of use, it is recommended you import all bookmarks. Expand each category and select each bookmark. Press Import.
Verifying Smart Card
Step 1
The PKard Reader App is now running and should look similar to Safari, iOS’s native web browser. One notable difference is in the upper right hand corner where an icon displays the Smart Card Reader Status.
Step 2
There are eight possible Smart Card Reader Status icons:
- No card reader attached indicates that the PKard Reader SCR has not been connected to the iPhone.
- Reader is being configured appears when the SCR is first connected to the iPhone.
- Reader is ready, no card inserted indicates that the SCR is connected and awaiting the user to insert a CAC.
- Reader is ready, card initializing indicates that the SCR is connected, the CAC has been inserted, and the PKard Reader application is determining the validity of the card.
- Reader is ready, card ready to use indicates that verification of the CAC was successful and it is now ready to be used.
- Reader is ready, card powered off indicates that the SCR has detected a CAC is present but that it is powered off and not ready to be used.
- Reader hardware failure indicates that the SCR is present, but is not functioning. To correct this error, reseat the SCR in the iPhone and restart the PKard Reader App.
- Smart Card failure or card not supported indicates that there was a problem verifying the CAC. To correct this error, reseat the CAC in the SCR and restart the PKard Reader App.
Step 3
To verify that the CAC is being properly read by the PKard Reader, press Settings in the lower right corner.
Step 4
Press Show Settings.
Step 5
Under the Smart Card heading, press the blue circle to the right of the Thursby Software icon.
Step 6
Under the Certificates heading, press the Email Signing certificate option.
Note: The Identity and Email Encryption certificates are also viewable from this menu, but for the purposes of this guide, only the Email Signing certificate is demonstrated.
Step 7
The PKard Reader App will display the Email Signing certificate
stored on the CAC.
Note: If the application does not display the identity certificate, attempt one of the following troubleshooting procedures:
1. In the Settings Menu, under the Security heading, turn off FIPS 140 Testing.
2. In the Settings Menu, under the Smart Card heading, press Clear Certificate Cache, and then press Reload Certificate Cache.
3. From the Browser window, press the Settings button and select Secure Reset.
4. Press the Home button to leave the application. Double-tap the Home button to open the task manager. Press and hold the PKard Reader icon. Press the Red Circle icon that appears on top of the PKard Reader icon to force quit the app. Press the Home button to exit the Task Manager. Press the PKard Reader icon to restart the application.
Using the PKard Reader
Step 1
To navigate to one of the CAC-enabled websites imported as a bookmark in the PKard Reader App, press Bookmarks at the
bottom of the browser window, and then navigate to the desired website and select it.
Note: You may also navigate to a desired CAC-enabled website by entering the URL into the address bar. However, not all CAC-enabled websites have been tested with the PKard Reader App, and untested websites may not function correctly. There is reasonable assurance that the bookmarked websites have been tested for interoperability with the CAC.
Step 2
For the purposes of this QRG, DoD Enterprise Email (DEE) Outlook Web Access (OWA) was selected, but the following steps
will remain consistent for any of the bookmarked websites. DEE
OWA is located at U.S. Army → web.mail.mil.
Step 3
The browser will present DEE’s Terms of Use. Accept the Terms
of Use by pressing OK at the bottom of the page.
Step 4
The browser will prompt the user to unlock the CAC with a PIN. Enter the CAC’s PIN and press Done.
Step 5
The browser will present the OWA redirect page. Press the hyperlink to https://web-mech.mail.mil/owa.
Step 6
The PKard Reader App will prompt the user to select a certificate
to authenticate to DEE OWA. Select the Email Signing
certificate.
Step 7
The browser will present the DEE OWA page. The user interface for OWA is generally the same as in Internet Explorer.
NOTE: S/MIME secured email is not supported by the PKard Reader App. DEE OWA on PKard Reader will not encrypt, decrypt, digitally sign, or verify digital signatures on email.
For questions or comments regarding Public Key Enablement (PKE), please submit information to: