DoD install of certificates using TC tool did not work. However downloading and installing certificates from MilCAC website into IOS profile did. Had to install and trust each one separately. Four certificates read by Feitian BR301BLE could be inserted by never showed as trusted. Emailed 4 certificates to self and then loaded them into the IOS profile as trusted. After all this all the sites visited worked as advertised and all certificates came up as a choice. Everything working fine, except certificates in smartcard utility still showing as untrusted. So any way to show them as trusted? If the DOD tool doesn’t load correct certificates can there be additional instructions posted to user guide? Is there another method that might be more effective?
Definitely. See this article:
tim
Thanks for reply. I did use those instructions to load the profiles individually as the automated tool didn’t happen to load all the certificates for my CAC that were needed. Got it working, but could never get the 4 certificates from the CAC to show trusted in the Smartcard utility. Got them trusted in the iOS profile instead, which I believe essentially accomplished the same thing. Attached screen shots.
It’s working for every site I’ve tried, so it is a game changer to get untethered from laptop and being mobile. Just trying to clean up all the loose ends to make it better. It’s the curse of working in IT. 
This was the same with me. Configuration Profile provided didn’t work. Individually adding the 39 Certificates from AllCerts.zip did, though the certificates are still untrusted. Not that it has made much difference in accessing websites.
I also added all 39 DoD certs (roots and intermediates) and the certs from CAC show as “untrusted” in the Smart Card Utility app. However, I get a an “Error Sending PIN” notification after I enter my card PIN when prompted and am not able to access CAC websites, etc. Any clues on this issue?
I had to download the certificates from my CAC using a computer, emailed them to my phone and then uploaded them into my profile, so I could mark them as trusted. After that everything worked. The picture I attached from my phone shows those CAC certificates with my name on them. It seemed to be the trust of the certificates that were the issue, but not positive of that.
I had already used the “Email Certficates” feature of the Smart Card Utility to do this but it didn’t work. I did try your suggestion here and extracted them to my computer and transferred them to my phone, but I get the same result that the certs show as “untrusted” in the Smart Card Utility app even though they show as “validated” in the iPhone profiles section. I also have all of the DoD root and intermediate certs installed and enabled (all show as valid in the profiles section). I am no sure if the “Error Sending PIN” is related since others here who have their certs show as “untrusted” in the Smart Card Utility don’t have that issue. Thanks for responding!
Sounds like the certs in the smart card utility aren’t really there or inserted. The email certificates features works for me and all 4 of them show up in the email as attachments. Just tried it without the reader on or a card inserted. My suggestion would be to delete the smart card utility and reinstall it from scratch. When the app is installed and you reattach the reader and pull in the 4 certificates from your CAC it should show next to each certificate in the smart card utility with an “insert” button to the right. Then click on each certificate button to insert them. It’ll still say the certs are untrusted, but that didn’t seem to matter for me as it worked. There are a limited amount of registrations for the reader of which are about 4 or 5. I exceeded them when I was dorking around with it, but two canoes was very nice and sent me another one. Hopefully you won’t get to that point.
The email certificates also worked for me and my screen looks just like yours above (i.e., they show up as “untrusted”). I have deleted / reinstalled the app several times and have successfully inserted the certificates from my CAC. I am using a Feitian Bluetooth reader (model bR301) and am concerned there may be possibly an issue with this specific model and the TwoCanoes software instead of the certs. Another user here on the forum on a another discussion thread is having the same issue as me (“Error Sending PIN”) and I am trying to see if they are using the same or different reader.
I’m using the same reader as you if that helps any. IOS 15.2 on 11 Pro.
I just updated to 15.2 and also am using an iPhone 11 Pro, but still having the same issue. Note I am using the Feitian bR301 in the blue “C18” casing and not the black C45 casing which is the bR301 BLE model. Upon digging a little the bR301 is a Bluetooth 3 device (as its info shows on my Mac Bluetooth info when connecting to that) while the b301 BLE (Bluetooth Low Energy) is a Bluetooth 4 device. I even validated I have the latest firmware on the reader, too. So which Feitian Bluetooth reader are you using? Just to see if that’s a difference. Thanks for your responses here.
I’m using the 301BLE with the black case and blue tooth low energy. I think you’ve found the difference, but now the question is why this makes it behave differently. Sounds like an IOS version of a driver or interface between the different products and how they exchange data.