You may need to configure your agency users to use their PIV credentials with Firefox to log into web applications. This can be tricky because Firefox supports a protocol (PKCS #11) that is not always natively supported by operating systems or the default drivers on operating systems.
This guide will help you configure Firefox for your users using an open source software package. In addition to open source solutions, commercial software may be used.
You are interested in learning more? Search for PKCS #11 for other resources available.
Install and Test OpenSC
First, you will need to install and test OpenSC. OpenSC will enable a PIV credential to work with the Firefox browser and some signing and encryption applications.
OpenSC has installers for multiple operating systems including Windows, MacOS, and Linux flavors.
- The installers and instructions can be downloaded directly from GitHub and the OpenSC wiki.
- View instructions and installation procedures for OpenSC
You need to consider some items that are specific for the US Government.
- Even if the computer is running a 64-bit OS, you will need to download both the 64- and 32-bit versions of OpenSC.
- You do not need to install the full packages for OpenSC.
- You can limit the packages to distribute to your enterprise workstations to just support PKCS#11.
- You can push the packages to the enterprise workstations using your enterprise configuration management tools.
Next, you have to configure Firefox to recognize the OpenSC drivers.
Launch Firefox and configure the driver:
- From the Firefox taskbar, click the Options icon (“wheel” shape).
- Click the Advanced tab > Certificates > Security Devices.
- At the Device Manager window, click the Load button and enter the certificate name: OpenSC PKCS#11 Module.
- Based on the OS, select the location of the pkcs11 driver. The default locations include:
|OS||Default driver location||File name|
- Click Open and verify that the module has been loaded.
- Click OK and restart Firefox.
- Next, browse to a web application that requires a PIV to authenticate. A common web application to use is Max.gov.
- Firefox will prompt you to select the PIV certificate