Windows Setup

CAC Setup for Windows

Complete installation guide for Windows 10 and Windows 11 systems.

Requirements

Windows 10 (version 1909 or later) or Windows 11
Administrator privileges for software installation
USB smart card reader
Active internet connection

Connect Your CAC Reader

Connect your USB smart card reader to an available USB port. Windows should automatically detect and install basic drivers.

Verify Reader Detection:

Open Device Manager (Win + X, then select Device Manager)
Look for "Smart card readers" category
Your reader should be listed without any warning icons

Install DoD Certificates

Download and install the latest DoD PKI root certificates from the official DoD Cyber Exchange.

Download Location

public.cyber.mil/pki-pke/tools-configuration-files

Installation Steps:

Download "InstallRoot" certificate bundle (ZIP file)
Extract the contents to a folder on your desktop
Right-click on "InstallRoot.exe" and select "Run as administrator"
Follow the prompts to install all certificates
Restart your computer when installation completes

Install Middleware (Optional)

Windows 10/11 includes built-in smart card support, so middleware is often optional. However, some users prefer additional software for enhanced functionality.

Option 1: Use Windows Built-in Support (Recommended)

Windows 10 and 11 have native smart card support. After installing DoD certificates, your CAC should work with Chrome and Edge without additional software.

Option 2: Install ActivClient

ActivClient is commercial middleware that provides additional features and troubleshooting tools. It's commonly used on government computers.

Note: ActivClient may require a license for personal use. Check with your organization.

Option 3: Install OpenSC (Free)

OpenSC is free, open-source middleware that works well on Windows.

Download OpenSC

Configure Browsers

Chrome & Edge (Chromium)

These browsers automatically use Windows certificate store. No additional configuration needed after certificate installation.

Firefox

Firefox requires manual configuration:

Open Firefox and go to Settings
Navigate to Privacy & Security → Security → Security Devices
Click "Load" to add a new module
Module Name: OpenSC PKCS#11
Module Path: C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll
Click OK and restart Firefox

Test Your Setup

1. Insert your CAC into the reader (chip side up)
2. Open Chrome or Edge
3. Navigate to a CAC-enabled test site (e.g., my.af.mil or milconnect)
4. You should be prompted to select a certificate and enter your PIN
5. Select your authentication certificate and enter your PIN

Success!

If you successfully logged in, your CAC is working properly on Windows.

Having Issues?View FAQs