There are a few steps you need to take in order to use your DoD CAC / smart card with google chrome in Linux. Here are the steps I took…
First, install all the DoD root certs by following the directions in this post.
Then install some packages. The following packages are necessary to complete the configuration.
- pcsc-lite
- perl-pcsc
- pcsc-tools
- ccid
- opensc
- nss-tools
- coolkey
Install PSCS Smart Card Libraries and tools (yum or dnf):
sudo dnf install nss-tools pcsc-lite perl-pcsc pcsc-tools ccid opensc coolkey -y
or
sudo yum install nss-tools pcsc-lite perl-pcsc pcsc-tools ccid opensc coolkey -y
Now make sure chrome is closed and run the following command from your home directory:
modutil -dbdir sql:.pki/nssdb/ -add "CAC Module" -libfile /usr/lib64/pkcs11/libcoolkeypk11.so
That is it… You should now be able to open Google Chrome and use your CAC for authentication on websites.
UPDATE: One of our readers came across an issue where they didn’t have modutil command. If this happens, you have to install the latest version of nss-tools.
sudo dnf install nss-tools
Good luck!
No modutil program
You may need to install the latest nss-tools package. I have updated the blog with this information, thanks!
i get the following error:
modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
Please make sure the path is correct in your command. If you are still having issues, please post the command you are using or contact me though the contact link at the top of the page.
Worked perfect on RHEL, thank you so much!
I am happy it helped!
On Ubuntu/Kubuntu 19.10, the correct path is /usr/lib/pkcs11/libcoolkeypk11.so otherwise, you will get an error stating the path may be incorrect. Also, I could not find the nss-tools package on 19.10 but it was not needed for modutil and these instructions still worked for me. Thanks