To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate certification authority (CA) certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.
Install the DoD Root and Intermediate CA Certificates
- Download the DoD PKI PKCS#7 CA certificate bundle. Save the file locally. Extract the zip file and navigate to the extracted directory structure.
- Open Firefox.
- Click Edit > Preferences in the Firefox menu bar.
- In the Preferences window, go to Advanced > Certificates > View Certificates.
- Select the Authorities
- Click Import…
- In the Import window, change the file type to All Files and then select Certificates_PKCS7_v<version>_DoD.der.p7b from the directory extracted in step 1. Click Open.
- In the Downloading Certificatewindow, check the following three checkboxes to trust the DoD Root CA 2 Certificate Authority:
- Trust this CA to identify websites
- Trust this CA to identify email users
- Trust this CA to identify software developers
- Click OK.
NOTE: All root and intermediate certificates will be imported. These certificates will show up under the “U.S. Government” heading in the Certificate Manager. To verify the root certificate authority is trusted, select “DoD Root CA 2” and click the Edit Trust… button. All three checkboxes should be checked.
- Click OKto close the Certificate Manager
- Click Close to close the Firefox Preferences window.