UNCLASSIFIED

DoD Public Key Enablement (PKE) Quick Reference Guide (QRG)

CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application Contact: dodpke@mail.mil URL: http://iase.disa.mil/pki-pke

Continued on page 2

This guide provides step-by-step instructions for initial setup and basic CAC-enabled web browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the Thursby PKard Reader Application (App). These instructions were generated using an iPhone 4S running iOS version 5.1.1 and the PKard Reader app version 1.0. The PKard Reader SCR was model TSS-PK1 and ran firmware version 1.0.0.

Initial Setup Step 1

Connect the SCR to the 30-pin port at the bottom of the iPhone

and insert the CAC.

Version 1.0 9/17/2012

UNCLASSIFIED 2

Step 3

If this is the first time the device has run the PKard Reader App, it

will prompt you to register the product. Press No Thanks.

Step 4

If this is the first time the device has run the PKard Reader App, it

will prompt you to import Bookmarks from a pre-compiled list of

known CAC-Enabled websites that are interoperable with the

PKard Reader App. For ease of use, it is recommended you

import all bookmarks. Expand each category and select each

bookmark. Press Import.

Step 2

From the iPhone, press the PKard Reader icon to start the

application.

Verifying Smart Card Continued on page 3

Version 1.0 9/17/2012

UNCLASSIFIED 3

Step 2

There are eight possible Smart Card Reader Status icons:

- No card reader attached indicates that the PKard

Reader SCR has not been connected to the iPhone. - Reader is being configured appears when the SCR is

first connected to the iPhone. - Reader is ready, no card inserted indicates that the

SCR is connected and awaiting the user to insert a CAC.

- Reader is ready, card initializing indicates that the SCR is connected, the CAC has been inserted, and the

PKard Reader application is determining the validity of the card.

- Reader is ready, card ready to use indicates that verification of the CAC was successful and it is now ready

to be used.

- Reader is ready, card powered off indicates that the SCR has detected a CAC is present but that it is powered

off and not ready to be used. - Reader hardware failure indicates that the SCR is

present, but is not functioning. To correct this error,

reseat the SCR in the iPhone and restart the PKard Reader App.

- Smart Card failure or card not supported indicates that there was a problem verifying the CAC. To correct

this error, reseat the CAC in the SCR and restart the PKard Reader App.

Verifying Smart Card Step 1

The PKard Reader App is now running and should look similar to Safari, iOS’s native web browser. One notable difference is in the

upper right hand corner where an icon displays the Smart Card Reader Status.

Continued on page 4

Version 1.0 9/17/2012

UNCLASSIFIED 4

Step 3

To verify that the CAC is being properly read by the PKard Reader, press Settings in the lower right corner.

Step 4

Press Show Settings.

Step 5

Under the Smart Card heading, press the blue circle to the right of the Thursby Software icon.

Continued on page 5

Version 1.0 9/17/2012

UNCLASSIFIED 5

Step 6

Under the Certificates heading, press the Email Signing certificate option.

Note: The Identity and Email Encryption certificates are also viewable from this menu, but for the purposes of this guide, only the Email Signing certificate is demonstrated.

Step 7

The PKard Reader App will display the Email Signing certificate

stored on the CAC.

Note: If the application does not display the identity certificate, attempt one of the following troubleshooting procedures:

1. In the Settings Menu, under the Security heading, turn off FIPS 140 Testing.

2. In the Settings Menu, under the Smart Card heading, press Clear Certificate Cache, and then press Reload Certificate Cache.

3. From the Browser window, press the Settings button and select Secure Reset.

4. Press the Home button to leave the application. Double-tap the Home button to open the task manager. Press and hold the PKard Reader icon. Press the Red Circle icon that appears on top of the PKard Reader icon to force quit the app. Press the Home button to exit the Task Manager. Press the PKard Reader icon to restart the application.

Using the PKard Reader Continued on page 6

Version 1.0 9/17/2012

UNCLASSIFIED 6

Using the PKard Reader Step 1

To navigate to one of the CAC-enabled websites imported as a bookmark in the PKard Reader App, press Bookmarks at the

bottom of the browser window, and then navigate to the desired website and select it.

Note: You may also navigate to a desired CAC-enabled website by entering the URL into the address bar. However not all CAC-enabled websites have been tested with the PKard Reader App and may not function correctly. There is reasonable assurance that the bookmarked websites have been tested for interoperability with the CAC.

Step 2

For the purposes of this QRG, DoD Enterprise Email (DEE) Outlook Web Access (OWA) was selected, but the following steps

will remain consistent for any of the bookmarked websites. DEE

OWA is located at U.S. Army → web.mail.mil.

Step 3

The browser will present DEE’s Terms of Use. Accept the Terms

of Use by pressing OK at the bottom of the page.

Continued on page 7

Version 1.0 9/17/2012

UNCLASSIFIED 7

Step 5

The browser will present the OWA redirect page. Press the hyperlink to https://web-mech.mail.mil/owa.

Step 4

The browser will prompt the user to unlock the CAC with a PIN. Enter the CAC’s PIN and press Done.

Continued on page 8

Version 1.0 9/17/2012

UNCLASSIFIED 8

Step 6

The PKard Reader App will prompt the user to select a certificate

to authenticate to DEE OWA. Select the Email Signing

certificate.

For questions or comments regarding Public Key Enablement (PKE), please submit information to:

dodpke@mail.mil

Step 7

The browser will present the DEE OWA page. The user interface

for OWA is generally the same as in Internet Explorer.

NOTE: S/MIME secured email is not supported by the PKard Reader App. DEE OWA on PKard Reader will not encrypt, decrypt, digitally sign, or verify digital signatures on email.