
DOD CAC cross certificate error for Mac while using Chrome

Hi! I have a new DOD CAC with a PIV certificate. My CAC and reader work fine, I can log into other DOD CAC websites. My issue is with Chrome and logging into web Outlook.


When I log into web Outlook, I select my ID certificate, and I'm prompted to enter my PIN. But I get an "ERR_SSL_PROTOCOL_ERROR."


My PIV certificate is aligned with my work email. But web Outlook seems to be treating my new certificate only as a digital signature cert and not as the auth certificate. Under "use" in the certificate, the description is "digital signature" and nothing else.


I recently updated to Big Sur 11.1. I deleted and updated all of my DOD Root certificates, and I troubleshot with the NMCI help desk to no avail. The tech thought I might have a cross-certificate issue, but he didn't know how to fix it on a Mac.


Thank you!

MacBook Pro 16″, macOS 11.1

Posted on Jan 15, 2021 10:01 AM

Question marked as Top-ranking reply

Posted on Jan 15, 2021 11:40 AM

There are known DoD Certificate issues. MilitaryCAC.com has some instructions for installing and cleaning up those issues: https://militarycac.com/macnotes.htm#DoD_certificates


I recently got a new CAC and it only offers one certificate. Its version is CA-59 and has one extension for Digital Signature and one extension for smart card login and client authentication.


Have you tried in Safari? I always start a new private window when using OWA. That seems to force it to always ask for the certificate instead of guessing which one from keychain.

That reminds me, open Keychain Access and sort by the kind column on your login keychain.

Find any identity preferences for any of the sites you are having issues with and delete them. That way it can't try to use an old cert. I don't know how Chrome deals with the keychain, so it may have its own settings for cert caching.

Jan 15, 2021 11:40 AM in response to KevDC
