Monday, November 2, 2009

Trouble with Windows 7/Internet Explorer and CAC?

Just a quick note about something I discovered- After upgrading my Windows XP virtual machine to Windows 7 x64 Professional, I was no longer able to access sites which required a DoD Common Access Card (CAC). Tinkering with Wireshark and Google Chrome finally appeared to reveal an answer: Windows 7 x64 (and possibly other versions, I don't know for sure) doesn't want to present a client certificate over anything but SSLv3.0.

So if you're having problems, be sure to go to Internet Options -> Advanced -> Security (Bottom of the list) and uncheck everything but SSLv3 as supported. That should reenable CAC authentication to DoD PKI websites.

3 comments:

Joseph said...

Thanks a ton! That worked like a charm. I've been beating my head against the desk for hours trying to figure out why it would go to "diagnose connection problems" as soon as I'd submit my credentials. This fix worked instantly. You are THE MAN!!!

Joseph said...

Thanks a ton! That worked like a charm. I've been beating my head against the desk for hours trying to figure out why it would go to "diagnose connection problems" as soon as I'd submit my credentials. This fix worked instantly. You are THE MAN!!!

Joe said...

I tried that and it did not work.