1

I use ActivClient and setup IIS to negotiate cert for CAC authentication. Currently the application is doing the following

  1. Asks for the certificate
  2. User selects certificate
  3. ActivClient prompts for pin and validates it
  4. Website loads the user and sends them to the landing page

Now here is where I'm having some problems. It seems that everything is working fine but once I redirect to the landing page I start getting a weird error.

Card Reader Error after authentication

I hit cancel a couple of times and I get this imageReselect certificate

After selecting the certificate again I either have to re-enter the pin on ActivClient or it accepts it and moves on.

Any ideas why this would be happening?

Thanks!

GameScrub
  • 177
  • 1
  • 11
  • 1
    Does this happen on all systems from which you try to access the server? It appears that you either may have old certificates on the system which are not those on the CAC itself (try clearing personal certificates in Control Panel / Internet Options and resetting ActivClient). Alternatively, it could be that your CAC version is too new for the ActivClient version to read the cert; I'd validate that you're on the latest release. – Sean Baker Sep 27 '15 at 15:00
  • Yes this happens on all the servers, even when I test locally. I used the installroot from the dod website to install the certificates necessary. The cac card is being validated properly by activclient. The weird thing is that if I use Fiddler and have it use the cac card there is not one popup other than the pin validation. Fiddler creates a bunch of dummy certificates and that is what leads me to believe I need to create some special certificates on my end. – GameScrub Sep 29 '15 at 16:27

0 Answers0