Hi,
I am unable to log in to the sites I need via my card reader. I have tried on both Chrome and Safari. The military login site gives an error of "No Client Certificate presented".
I have removed the built-in CAC enabler for High Sierra as suggested on another website, so only Centrify remains (or at least I think I have).
First, I noticed on the Diagnostics instructions that it says to open Keychain and make sure the smart card reader is there. I don't see the smart card reader in there anywhere, but the status on Centrify does say "Authentication Attempts Remaining: 3". Is there something I need to do to get it into Keychain? Or perhaps I'm not looking for the right thing in Keychain.
Any help is greatly appreciated!
I ran diagnostics and here is my log:
Smart card: THOMPSON.ROBERT.EARON.116531080
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
Not valid before: Mon Nov 11 09 16:13:56 2015 UTC
Not valid after: Tue Nov 11 09 16:13:56 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41 not found
** This certificate cannot be used for pkinit
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
Email Address: robert.e.thompson202.mil@mail.mil
NT Principal Name: 1165310809@mil
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41 not found
This certificate can be used for pkinit, testing:
** Data signing failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Signature verification failed: Unknown PKCS#1 padding type 0x1d
Public key encryption succeeded
** Private key decryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Private key encryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Public key decryption failed: Unknown PKCS#1 padding type 0xad
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
Email Address: robert.e.thompson202.mil@mail.mil
** This certificate has no NT Principal Name
** This certificate has not been mapped to any user
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.39,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41
Not valid before: Mon Nov 11 09 16:05:27 2015 UTC
Not valid after: Tue Nov 11 09 16:05:27 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-41 not found
** This certificate cannot be used for pkinit
Certificate: /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=USA/CN=THOMPSON.ROBERT.EARON.1165310809
NT Principal Name: 1165310809121004@mil
Not valid before: Thu Jun 06 07 00:00:00 2018 UTC
Not valid after: Mon May 05 20 23:59:59 2019 UTC
This certificate is valid
Policies specified: .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13,
Issuer: /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41
Not valid before: Mon Nov 11 09 16:13:56 2015 UTC
Not valid after: Tue Nov 11 09 16:13:56 2021 UTC
This certificate is valid
This certificate is trusted by the domain
Policies specified: .2.16.840.1.101.2.1.11.36, .2.16.840.1.101.2.1.11.39, .2.16.840.1.101.2.1.11.42, .2.16.840.1.101.3.2.1.3.13, .2.16.840.1.101.3.2.1.3.17,
Require Explicit Policy at depth 0
** Could not get issuer certificate: Issuer certificate for /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID CA-41 not found
This certificate can be used for pkinit, testing:
** Data signing failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Signature verification failed: Unknown PKCS#1 padding type 0xc3
Public key encryption succeeded
** Private key decryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Private key encryption failed: CSSM_DecryptData failed: CSSMERR_DL_INTERNAL_ERROR
** Public key decryption failed: Unknown PKCS#1 padding type 0xc3