UNCLASSIFIED DoD Public Key Enablement

DoD Public Key Enablement (PKE) Quick Reference Guide (QRG)
CAC-Enabled Web Browsing Using the Thursby PKard Reader Smart
Card Reader (SCR) and the Thursby PKard Reader Application
Contact: dodpke@mail.mil
URL: http://iase.disa.mil/pki-pke
This guide provides step-by-step instructions for initial setup and basic CAC-enabled web
browsing on an iOS device using the Thursby PKard Reader Smart Card Reader (SCR) and the
Thursby PKard Reader Application (App). These instructions were generated using an iPhone 4S
running iOS version 5.1.1 and the PKard Reader app version 1.0. The PKard Reader SCR was
model TSS-PK1 and ran firmware version 1.0.0.
Initial Setup
Step 1
Connect the SCR to the 30-pin port at the bottom of the iPhone
and insert the CAC.
Version 1.0
9/17/2012
Step 2
From the iPhone, press the PKard Reader icon to start the
application.
Step 3
If this is the first time the device has run the PKard Reader App, it
will prompt you to register the product. Press No Thanks.
Step 4
If this is the first time the device has run the PKard Reader App, it
will prompt you to import Bookmarks from a pre-compiled list of
known CAC-Enabled websites that are interoperable with the
PKard Reader App. For ease of use, it is recommended you
import all bookmarks. Expand each category and select each
bookmark. Press Import.
Verifying Smart Card
Step 1
The PKard Reader App is now running and should look similar to
Safari, iOS's native web browser. One notable difference is in the
upper right-hand corner, where an icon displays the Smart Card
Reader Status.
Step 2
There are eight possible Smart Card Reader Status icons:
- No card reader attached indicates that the PKard Reader SCR has not been connected to the iPhone.
- Reader is being configured appears when the SCR is first connected to the iPhone.
- Reader is ready, no card inserted indicates that the SCR is connected and awaiting the user to insert a CAC.
- Reader is ready, card initializing indicates that the SCR is connected, the CAC has been inserted, and the PKard Reader application is determining the validity of the card.
- Reader is ready, card ready to use indicates that verification of the CAC was successful and it is now ready to be used.
- Reader is ready, card powered off indicates that the SCR has detected a CAC is present but that it is powered off and not ready to be used.
- Reader hardware failure indicates that the SCR is present, but is not functioning. To correct this error, reseat the SCR in the iPhone and restart the PKard Reader App.
- Smart Card failure or card not supported indicates that there was a problem verifying the CAC. To correct this error, reseat the CAC in the SCR and restart the PKard Reader App.
Step 3
To verify that the CAC is being properly read by the PKard
Reader, press Settings in the lower right corner.
Step 4
Press Show Settings.
Step 5
Under the Smart Card heading, press the blue circle to the right
of the Thursby Software icon.
Step 6
Under the Certificates heading, press the Email Signing
certificate option.
Note: The Identity and Email Encryption certificates are also
viewable from this menu, but for the purposes of this guide, only
the Email Signing certificate is demonstrated.
Step 7
The PKard Reader App will display the Email Signing certificate
stored on the CAC.
Note: If the application does not display the identity certificate,
attempt one of the following troubleshooting procedures:
1. In the Settings Menu, under the Security heading, turn off
FIPS 140 Testing.
2. In the Settings Menu, under the Smart Card heading, press
Clear Certificate Cache, and then press Reload Certificate
Cache.
3. From the Browser window, press the Settings button and
select Secure Reset.
4. Press the Home button to leave the application. Double-tap
the Home button to open the task manager. Press and hold the
PKard Reader icon. Press the Red Circle icon that appears on
top of the PKard Reader icon to force quit the app. Press the
Home button to exit the Task Manager. Press the PKard
Reader icon to restart the application.
Using the PKard Reader
Step 1
To navigate to one of the CAC-enabled websites imported as a
bookmark in the PKard Reader App, press Bookmarks at the
bottom of the browser window, and then navigate to the desired
website and select it.
Note: You may also navigate to a desired CAC-enabled website
by entering the URL into the address bar. However, not all
CAC-enabled websites have been tested with the PKard Reader App,
and untested websites may not function correctly. There is reasonable
assurance that the bookmarked websites have been tested for
interoperability with the CAC.
Step 2
For the purposes of this QRG, DoD Enterprise Email (DEE)
Outlook Web Access (OWA) was selected, but the following steps
will remain consistent for any of the bookmarked websites. DEE
OWA is located at U.S. Army → web.mail.mil.
Step 3
The browser will present DEE’s Terms of Use. Accept the Terms
of Use by pressing OK at the bottom of the page.
Step 4
The browser will prompt the user to unlock the CAC with a PIN.
Enter the CAC’s PIN and press Done.
Step 5
The browser will present the OWA redirect page. Press the
hyperlink to https://web-mech.mail.mil/owa.
Step 6
The PKard Reader App will prompt the user to select a certificate
to authenticate to DEE OWA. Select the Email Signing
certificate.
Step 7
The browser will present the DEE OWA page. The user interface
for OWA is generally the same as in Internet Explorer.
NOTE: S/MIME secured email is not supported by the PKard
Reader App. DEE OWA on PKard Reader will not encrypt,
decrypt, digitally sign, or verify digital signatures on email.
For questions or comments regarding Public Key Enablement (PKE), please submit information to:
dodpke@mail.mil