Using DBsign on OS X/MacOS

Recent updates to OS X/MacOS and Java have raised many new questions regarding DBsign. In this document, we will address the most common issues that we see.

There are many web sites and forums out there with solutions to DBsign related issues. Some of this information is good, some is outdated, and some is completely wrong. If you have issues or questions regarding DBsign on OS X/MacOS, please contact us first and we will help to point you in the right direction.

If you need to contact us, you can do so HERE.

Frequently Asked Questions

Do I need to download the DBsign software?

No, there is no DBsign software to download and install on your Mac.

However, DBsign does require that Java be installed and configured properly to work in your web browser. You can check to see if java is working properly in your browser with the following web sites:

One (or both) of the pages listed above MUST be able to detect Java before any DBsign enabled web site will work. If Java cannot be detected, you must fix the problem before you can proceed further.

What version of Java do I need?

We recommend that you always have the latest version of Java installed on your Mac. New java updates are pushed out regularly, and it is important to keep up to date.

When new Java updates are made available, your old version my stop working properly. Security features in OS X/MacOS and Java itself will often disable (or lock down) previous versions of the Java plugin from working in your browser.

It is very important to always keep your Java installation up to date. You can download the latest versions of Java from HERE.

What web browsers are supported?

Any browser that supports the Java plugin should work for DBsign.

On OS X/MacOS, the Java plugin is 64-bit only; this means that only 64-bit browsers are supported. Safari and Firefox both support the Java plugin; however, Chrome is a 32-bit only browser and does not run Java. For this reason, DBsign will not run in Chrome on OS X/MacOS.

How do I configure Safari to run DBsign?

In order to grant the necessary permissions to web sites running DBsign, we must edit Safari's security preferences.

From the "Safari" menu, choose "Preferences"and then go to the "Security" tab. Here, you will see a button that says "Manage website settings...". You you click on the button, you will see something like this:

Safari 9 (and earlier)

Locate each web site that uses DBsign in the list (our site, the Defense Travel System site, etc). In the drop down box to the right of the web site address, choose "Run in Unsafe mode". This gives DBsign all the permissions it needs to run properly. DO NOT change this setting for web sites you do not explicitly trust.

If you do not see the proper web site in the list, you will need to visit that site and attempt to use DBsign. You will most likely receive a DBsign error, but the web site should now be included in this list. You should be able to change its settings now.

Safari 10 (and later)

Starting with Safari 10, the option to toggle "Safe mode" still exists, but it is hidden.

Now, when you go to set DBsign/Java to run in "unsafe mode", the only options are "Ask", "Off", and "On":

However, if you press and hold the "alt/option" key on your keyboard, you are given more options:

Make sure that "On" is checked, and "Run in Safe Mode" is unchecked.

How to I test DBsign?

We have a test page here:

If Java is working, and DBsign is able to load, you will see a page that looks like this:

If the pages just sits there with a "Loading DBsign..." message, then Java is probably not working properly. See the section above for information regarding checking your Java version.

If you get an error message when loading this page, please contact us for help.

If the page loads properly, you should be able to click on the "sign" button in the middle of the page. This will tell DBsign to generate a digital signature using one of the certificates on your computer or smart card. If no error occurs, your page will look like this (with signature information filled out):

If you get an error message when attempting to sign, please contact us for help.

How do I fix a 305 error code?

305 errors generally indicate that Safari has not been configured properly. See the seciont above concerning Safari configuration.

How do I fix a 112 error code?

The 112 "no signing certificates" error usually means that DBsign was unable to find any usable certificates on your computer. This can happen if your CAC certificates are either expired or revoked; however, it is more likely that you either do not have CAC enabling software (or middleware) installed or it is not working properly. Mac OS X does not support CACs out of the box, so you have to install some extra software to make it work.

If you have not installed CAC middleware, the web site has an excellent writeup with a list of the most popular options and instructions for installing them:

We have used CACkey and Centrify Express (both free options with limited support), and PKard (about $30, but excellent phone/email technical support from Thursby Software).

Just make sure that you have some CAC enabling software installed and working, then try again.You'll know it's working when you can see your CAC in the key chain list (upper left hand section) in the Key Chain Access application on your Mac. You should be able to pull your CAC out and your name will disappear from the list, and then plug it back in and your name will appear in the list again. This lets you know that the CAC software is installed and working. DBsign will not be able to use your CAC until this is working. Try accessing some military CAC enabled websites such as web mail or portals. Can you login successfully with your CAC on those sites? Usually if that works, DBsign will work.

How do I fix a 139 error code?

If you are getting prompted to select between two certificates, then this might be because 1 of them usually does not work. This is not a DBsign thing, but it is some kind of incompatibility between OS X and the CAC. So, I tell people to remember the last 2 digits of the serial number of the cert that works and always use that one. The serial number should be shown below the list of certs on the certificate prompt dialog.

If that doesn't work, then I would try rebooting your Mac. This actually does fix 139/132 problems sometimes and it's easy to do. But before you reboot, unplug your card reader from the Mac and also unplug the card from the reader. Then reboot. After you are logged back in, plug the reader back into the Mac and then put the card in the reader. Then try accessing some CAC enabled military portals or web mail.

Also, when you are prompted for a keychain password, this is actually your CAC PIN. Some users enter their OSX password here and end up locking their CAC card (3 failed PIN entry attempts will lock the card). If it gets locked, you have to take it to an LRA or a badge office or something to get it unlocked.

Sometimes these symptoms are caused by installing two different types of CAC software at the same time. They conflict with each other and cause these symptoms.

Try accessing some military CAC enabled websites such as web mail or portals. Can you login successfully with your CAC on those sites? Usually if that works, DBsign will work. If not, then there seems to be an issue with your CAC software. I would uninstall any and all CAC software that you installed and only install one. For instructions on uninstalling, see here: Be sure and reboot the Mac after every install and uninstall. Uninstall them all, then install only one. We use CACKey here. Also, Thursby PKard for about $30 is good and they offer excellent support.

Still having problems?

If you still need some help, please contact us.