httpsclient-certificatescac

Get a client certificate off of a DoD CAC Card


I have a C application that uses LibCurl (LibCurl is a C API that makes an HTTP connection to a web server). Using LibCurl I need to download a file from an HTTPS server that requires a client certificate.

So far our technical solution works great.

My problem is that the client certificate that we need to use resides on a DoD CAC card. I need to be able to pull the client certificate off of the DOD CAC card (from within my C app) and either write it to a file or just reference the file on the CAC. This written or referenced file will then be specified as my client certificate in my HTTPS connection.

I do not know how to locate or reference the client certificate off the DoD CAC Card. Any help is very much appreciated. Thanks.


Solution

  • When activeClient publishes the CAC card certs to windows it should export the certs to the store. You may need to automate the exporting of the certificate from your local cert store to a file like .pfx or .p7b format. Maybe .cer, I don't know if that's possible. It'll need to be pwd protected.

    I don't think you can do it directly from the CAC card without an intermediary middle layer (like the cert store).