No Client Certificate Presented For Af Portal On Mac



Regarding 2): AF Portal can be accessed by CAC, only if your CAC has been registered with Portal ahead of time. Although I could get to Portal with a username/password, Gunter Annex could not help register my CAC from within Portal. I will go back to work, register the card again, and see if it works from home.

I'm trying to get my new laptop set up to allow me to log into AF Portal, but I am hitting a massive roadblock. Right now, I can't even get IE/AF Portal to even attempt to prompt for my CAC card certificates, even though they're showing up in the certificates window under internet settings content.

Another 'no client certificate presented'. Been trying to look around before I decided to ask, but I have nothing showing up in my person certificates section on AKO. Tried closing all my browsers and replugging everything.

Created On 09/26/18 13:48 PM - Last Updated 04/20/20 23:58 PM

Symptoms

The error 'Valid client certificate is required' is displayed in the Firefox browser when accessing the portal address.

Diagnosis

GlobalProtect is configured with Certificate Authentication for the client.
The client certificate has been added in the 'personal' certificate store of the end user.
Other browsers like Chrome and IE are able to connect to the portal address successfully.


Resolution
  • The error 'Valid client certificate is required' is displayed when accessing the portal address if
    the browser is unable to fetch the certificate to present it to the portal for authentication.
  • Here, the client certificate has already been added to the personal certificate store of the computer, so Chrome and IE are able to read the certificate from this personal store.
  • If the same error displays in Chrome or IE, please verify that the certificate is present in the personal stores of these browsers.

For Firefox, the client certificate is not present in the 'Your Certificates' store, as seen below. Therefore, the browser is unable to present it to the portal for authentication:



Firefox maintains a separate store, compared to Chrome or IE, so the certificate must be explicitly imported.
Add the certificate in the 'Your Certificates' store of Firefox:

1. Click Options > Advanced > Certificates > View Certificates > Your Certificates > Import
2. Select the Client Certificate from the computer and enter the password to import.
Note that the client certificate needs to be imported with the private key.
The added certificate can now be seen as follows:


NOTE: If the same error displays on other browsers, the client certificate must be imported into the 'Personal Certificate' store of these browsers.
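The private-key requirement noted above can be checked before a file is imported into Firefox. The following is an added example, not part of the original article: it uses `openssl` to build two constructed PKCS#12 files and reports which one carries a private key and could therefore be presented for client authentication. The file names, the `example` passphrase and the helper names `make_samples` and `classify_p12` are assumptions.

```shell
#!/bin/sh
# Added example: all file names and the passphrase "example" are constructed.

# Create a throwaway self-signed client certificate, then package it twice:
# once with its private key and once as certificate only.
make_samples() {  # $1 = existing directory to write into
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/identity.p12" -passout pass:example
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/certonly.p12" -passout pass:example
}

# Print one of:
#   identity   - certificate plus private key; usable for client authentication
#   cert-only  - imports without error but can never be presented to the portal
#   unreadable - wrong passphrase or not a PKCS#12 file
# For a real file, omit -passin so openssl prompts instead of taking the
# passphrase on the command line.
classify_p12() {  # $1 = .p12/.pfx file, $2 = passphrase
    out=$(openssl pkcs12 -in "$1" -nodes -passin "pass:$2" 2>/dev/null) || {
        echo unreadable
        return 0
    }
    case $out in
        *"PRIVATE KEY-----"*)   echo identity ;;
        *"BEGIN CERTIFICATE"*)  echo cert-only ;;
        *)                      echo unreadable ;;
    esac
}

dir=$(mktemp -d)
make_samples "$dir"
for f in identity.p12 certonly.p12; do
    printf '%s: %s\n' "$f" "$(classify_p12 "$dir/$f" example)"
done
rm -rf "$dir"
```
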


Here are the steps on how to install a CAC Reader for Mac:
  1. Ensure your CAC reader works with Mac
  2. Check to ensure your Mac accepts the reader
  3. Check your Mac OS version
  4. Check your CAC’s version
  5. Update your DOD certificates
  6. Guidance for Firefox Users
  7. Look at graphs to see which CAC enabler to use

Step 1: Purchase a Mac Friendly CAC Reader

Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.

If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware. However, for the non-tech-savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13.

Best Mac Compatible CAC USB Readers

Best Mac Compatible CAC Desk Readers

Step 2: Plug in and Ensure It’s Accepted

Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.

If for some reason your CAC reader isn’t working, you may need to download the appropriate drivers for your CAC reader. You can find these drivers on the Reader’s Manufacturer Website.

Step 3: Update Your DOD Certificates

Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.

Procedure for Chrome and Safari

  1. Type ⇧⌘U (Shift + Command + U) to access your Utilities
  2. Find and Double click “Keychain Access”
  3. Select “Login” and “All Items”
  4. Download the following five files and double click each once downloaded so as to install in your Keychain Access.
  5. When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:

Additional Steps for Firefox

If you’re using Mozilla Firefox as your primary browser, you’re going to need to perform some additional steps. First, perform the same steps that you did for Chrome and Safari. Afterwards, follow these additional steps to get started.

  1. Download All Certs zip and double click to unzip all 39 files
  2. While in Firefox, click “Firefox” on the top left, then “Preferences”
  3. Then Click “Advanced” > “Certificates” > “View Certificates”
  4. Then Click “Authorities” and then “Import”
  5. Import each file individually from the “AllCerts” folder. When you do this, the below box will popup. Check all three boxes and click “OK”

Step 4: Download and install CAC Enabler

Choosing the right CAC enabler can be pretty tricky. It all depends on what OS you have installed, how you installed it, and even what kind of CAC Card you have!

In order to get the right enabler, be sure to visit our trusty guide to Mac CAC Enablers! It’ll walk you through exactly which enabler is right for you.

CAC Access at Home Success

Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.

Common Reasons Why Your CAC Card Won’t Work On Your Mac

Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimum requirements. Currently, there are only four types of CAC cards that can be used. To ensure you have the right CAC card for online access, flip your CAC card to the back; if you have one of the below numbers written on the top left, then you are good to go:

  • G&D FIPS 201 SCE 3.2
  • Oberthur ID one 128 v5.5 Dual
  • GEMALTO DLGX4-A 144
  • GEMALTO TOP DL GX4 144

If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued.