Skip Ribbon Commands Skip to main content

IASE content is currently preparing to migrate to the DoD Cyber Exchange.
Please see for updates to PKI/E content until the DoD Cyber Exchange goes live.


To get started you will need:

  • CAC
  • Card reader
  • Middleware

You can get started using your CAC with Firefox on Linux machines by following these basic steps:

  1. Get a card reader.
    At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader.
  2. Obtain middleware.
    You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux package management commands.
    • For Debian-based distributions, use the command apt-get install coolkey
    • For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.7 and above and is located at /usr/lib/pkcs11/

    If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC *PKI guide.
  3. Configure Firefox to trust the DoD PKI and use the CAC.
    To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.

Next Steps

Your internet browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, please visit our End Users page for more information on using the PKI certificates on your CAC.