Solved problems with DBsign, military CAC issues

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
Colm
Level 1
Level 1
Posts: 5
Joined: Sun Jan 15, 2017 12:15 am

Solved problems with DBsign, military CAC issues

Post by Colm » Sun Jan 15, 2017 12:44 am

Despite own bumbling and technical ineptitude, I have managed to gain full functionality of my military CAC on webmail, AROWS, and DTS, on Linux Mint 17. Relevant and accurate online information was very difficult to find during this years-long process. If you are a linux CAC user who is having problem with issues such as:

Signing orders in AROWS
Signing DTS documents
Logging in to AF Portal, milconnect, or other CAC login-enabled sites
DBsign configuration
Java-CAC compatibility issues in general

Feel free to contact me. I'm no whiz, but I am happy to share solutions that worked for me. I am sure there are others in this small subset of users, who struggle(d) with these particular issues, and are out there, getting frustrated with google and the lack of good info available.

~Colm

User avatar
phd21
Level 17
Level 17
Posts: 7476
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Solved problems with DBsign, military CAC issues

Post by phd21 » Sun Jan 15, 2017 3:12 am

Hi "Colm", & Anyone Else Interested in this,

That's nice of you to offer for people who need it.

Do you have any specific details, instructions, and or web links to share?

Here is what I found below:

The following is a guide to assist in setting up your Linux computer to access CAC-enabled DoD websites from the general to the specific.
https://militarycac.com/linux.htm

Ian's TechBlog - CAC on Firefox using Ubuntu, October 7, 2015
https://cheesehead-techblog.blogspot.co ... -1504.html

Arch Linux regarding CAC, etc... 2017
https://wiki.archlinux.org/index.php/Common_Access_Card

US DoD CAC Setup Instructions for Ubuntu 10.4 LTS (32-bit) '2013
http://zxq9.com/dodcac/U10.4-LTS-32/Ubu ... TS-32.html

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

Colm
Level 1
Level 1
Posts: 5
Joined: Sun Jan 15, 2017 12:15 am

Re: Solved problems with DBsign, military CAC issues

Post by Colm » Thu Jan 26, 2017 12:49 am

you've covered the most useful links, I think. they got me up and running with most CAC login websites. But I had to do a little more to get full functionality of DBSign (i.e. for DTS and AROWS)

For that, I will add this link to yours:
http://www.webupd8.org/2012/09/install- ... a-ppa.html

I've managed all of this by following the general directions on those websites, ultimately I have the following packages installed:
coolkey
cackey
pcsc-tools
pcscd
ca-certificates-java
oracle-java8-installer
oracle-java8-set-default

I added the webupd8team/java PPA for the last two packages. I had futzed around with update-alternatives quite a bit, without any apparent efficacy... finally the oracle-java8-set-default did the trick.

Note, I have a 64-bit machine, and I installed both the 32- and 64-bit packages for java and some other things, because for a while some websites only seemed to work with 32-bit software. Not sure if that is still necessary or not... likely not anymore, but if you get stuck you can try that possibility.

I had no problem with the SCR-family CAC readers that were available through my place of work.

Current Firefox (50.1.0) with the DoD certificates manually imported (66 of them). I switch the user agent to an "Internet Explorer 10" or earlier string for AROWS. None of the other websites care which browser I use. Make sure the Firefox java plugin in about:plugins points to the right java package, i.e. Oracle java (and not icedtea, which is probably a dependency of something else you've installed).

Finally, I had to configure Java with .../jre1.8.0_111/bin/ControlPanel as follows:
Security tab -> Exception Site List -> Add these websites:
https://arows.sscno.nmci.navy.mil/
https://dtsproweb.defensetravel.osd.mil
Advanced tab -> Advanced Security Settings ->
Check: Use TLS 1.0
Uncheck: Use TLS 1.1. Use TLS 1.2

All this is from trial and error over several years. I can't take much credit for figuring anything out, it's not due to me making any brilliant decisions. In fact I'm sure I have included some completely unnecessary steps, I just don't know which ones :lol: It's probably mostly to DoD systems improving their compatibility and 3rd party vendors updating and bugfixing their products, and general improved evolution of software working together the way it was supposed to in the first place.

But it does now work better on my linux machine than on 80% of the computers at work!

edit to add: If you get certificate problems blocking access to certain pages, don't get discouraged-- just clicking reload several times sometimes just works.

If someone gets stuck using these suggestions feel free to PM me I am happy to try to help, I am a sucker for punishment after all.

I am using Linux Mint 17.2 MATE 64-bit

nsgilmore1
Level 1
Level 1
Posts: 1
Joined: Fri Jan 05, 2018 6:00 pm

Re: Solved problems with DBsign, military CAC issues

Post by nsgilmore1 » Fri Jan 05, 2018 7:35 pm

Colm,
This is great stuff, and helped me out a ton. Thank You!
So far, I've got everything working except Arows.
Even with a custom user agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
Arows still tells me that I'm on an unsupported browser. :(

The other Item I'm still struggling with is digital signatures on PDFs - What PDF editor / reader are you using for DoD work, and how did you end up configuring it?

Thanks in Advance!

Colm
Level 1
Level 1
Posts: 5
Joined: Sun Jan 15, 2017 12:15 am

Re: Solved problems with DBsign, military CAC issues

Post by Colm » Fri Jan 05, 2018 8:10 pm

So glad it helped someone. Here is my user agent string: "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"

I currently use use Firefox ESR 52, the add-on "User Agent Switcher" 0.7.3.1 by "chrispederick".

Hope that helps further. I have not found any solutions to working with PDFs. I have a windows partition I use for that, or I just save it for the office. It will be super nice when secure/signed PDF functionality finally comes to linux.

Colm
Level 1
Level 1
Posts: 5
Joined: Sun Jan 15, 2017 12:15 am

Re: Solved problems with DBsign, military CAC issues

Post by Colm » Fri Nov 16, 2018 1:03 am

Update:
DBsign stopped working after I upgraded to Java 8 update 181. It actually broke the java plugin for firefox (52 ESR and prior versions), nothing specific to DBsign itself. DBsign is of course required for full AROWS functionality. Despite a web search, I wasn't able to find any other reports of this problem. I put some more detail in a [url viewtopic.php?f=47&t=281669]very similar post[/url] so I'll try not to duplicate here what isn't relevant to military CAC issues.

Save yourself the trouble, whoever may benefit from my toils. Don't upgrade to u181. If you did, don't worry, not all is lost. Revert to a prior build any way you can. I don't know which is the most recent build that still works, so if you know, please share. I went straight back to build 111 as a known prior, and things are working again for me. Because I am not a wizard with update-alternatives, was over-tired, and ran out of give-a-$h1t, I didn't revert very cleanly and I'm frankly shocked I didn't break anything else that uses other java versions. But if I can do it, so can you.

Please share any similar experiences!
Colm

Post Reply

Return to “Software & Applications”