Supported versions: Firefox 1.5 - 2.0.0.* ALL Thunderbird 1.5 - 1.5.0.* ALL

Notes / Comments: FAQ- I get an error when I try to import the 3 DoD Root Certificates. It says they cannot be verified and will not be imported, what do I do?This is a bug in Firefox 2.0.0.0 and 2.0.0.1. From what I can tell the certificates will actually import anyway. It will be fixed in the 2.0.0.2 release. For details see Mozilla Bug 360528.- How come I can't get into some websites and my OWA?This problem has been observed in all platforms for Firefox 2.0.0.1 only. The work around is to go into Options->Advanced->Encryption tab, choose "Ask me every time." You should choose your "Identity" certificate when prompted. For those that are interested in the details, they can be found in Mozilla Bugs 364583, 364587, and 328346.- What platforms does this extension work on?This extension should work on any platform, has been extensively tested on Windows, Mac OS X, and Linux. The probability is low that your CAC reader drivers will load on another platform, but everything else should work.- What do the different threat level settings do?* Low: Minimum security settings apply, Javascript and remote image loading is disabled.* Guarded: Low threat level settings, and also viewing and composing HTML e-mail is disabled.* Elevated: Guarded threat level settings, and also the preview pane is disabled.* High: Not yet implemented.* Severe: Not yet implemented.- I get an error about an SSL client certificate, what does that mean?In short it means that the page didn't load correctly. There is chance that it MIGHT require an SSL client certificate, insert your CAC and try again. If that still does not work, it is some other problem.- How come I am getting prompted for my PIN more than once?You probably have your CAC reader in "Security Devices" multiple times. In Firefox, go to Options->Advanced->Encryption tab, choose "Security Devices" Select one of the redundant devices and choose "Unload."- What's a CAC?CAC refers to the Common Access Card. This is the standard identification card for the U.S. Department of Defense. One of these is issued to everyone with a need for routine physical access to military installations. This includes enlisted, civilians, and contractors. For our purposes it acts as a token device or smartcard, used to encrypt/decrypt and sign e-mail. It is also heavily used as an access control method for DoD websites in the form of an SSL client certificate.- Do I need a CAC for this extension? What if I don't have a CAC?You do not need a CAC for this extension. If the extension cannot find a known CAC (smartcard) reader driver, you will not be prompted to configure one. CAC is only meaningful when accessing internal DoD websites, so if you don't have one before installing this extension you won't be needing one after.- What about smartcards?This extension supports the built in smartcard reader in OS X. If your smartcard reader driver has a PKCS11 module, let me know the path to it and I can add it to the list of modules to search for on install.- How can I customize this extension for my domain?As of version 0.5.0 you can set this in the extension options.- How do I go through the install install process again?Because of a limitation in how mozilla extensions work, uninstalling and reinstalling the extension will not bring up the initial install process for CAC drivers and certificates. To do this, you can change the configuration values. In Firefox, go to about:config. In Thunderbird, go to Tools->Options->Advanced->General->Config Editor. Set extensions.dod.version to 0 (zero). Restart Firefox/Thunderbird and the complete setup process will run.- How do I load the driver for my CAC/Smartcard software?I probably am not looking for the pkcs11 DLL/SO file for your particular software install. Do a search for *pkcs*.dll (Windows) or *pkcs*.so (Linux) and report back to me. You can load this module yourself as a security device. If it does not load, the DLL file is not compatible with Firefox/Thunderbird.- How do I know that this really does what it claims to do and isn't some type of backdoor?You can look at the source code yourself. A .xpi install file is exactly the same as a .zip file. Download it, change the name to end in .zip and unzip it. You can then view the full Javascript source code. I'd also encourage you to review public comments made on this website.- How do I know these are really the root certificates for DoD?Root certificates can be verified upon install by clicking on the View option. The fingerprints and other information can be verified at https://crl.gds.disa.mil.Known Issues - Version 0.6.1- DNS exception when offline (workaround is to turn off the "Warn if mail message could be forged" option)- Page will not redirect or prompt if in background tab (is there a need to fix this?)- CAC clarification error sometimes appears when it shouldn't- "Classification" menu appears when composing e-mail. This has no functionality yet.

Categories: Privacy and Security

Friend's:

Get a Freelance Job - Outsource Web Design & Programming | Dictionary - Define Words | Wordpress blog for FREE | Coupons: Threadless

Online Advertising, Free Advertising, Advertising, Free Advertising, Advertising

Powered by FF Extensions
Plug-in Categories ● Privacy Policy