CAC not detected or TLS issue message in browser

Recently, some Windows 10 users have reported an issue connecting to HmC and other CAC-enabled website like Government webmail and DI2E, possibly related to a Windows 10 update.  Windows appears to be presenting CAC certificates to HmC and other CAC enabled sites incorrectly.  The problem manifests as one of the following in your browser:

  • In Edge or Internet Explorer: Can't connect securely to this page. This might be because the site uses outdated or unsafe TLS security settings.
  • In Chrome: This site can't provide a secure connection app.hmc.hpc.mil didn't accept your login certificate, or one may not have been provided
  • In Chrome: ERR_BAD_SSL_CLIENT_AUTH_CERT
  • Any browser: Client Certificate Not Found
  • In Firefox: Secure connection failed.  An error occurred during a connection to app.hmc.hpc.mil.  Unable to digitally sign data required to verify your certificate.  Error code: SSL_ERROR_SIGN_HASHES_FAILURE
Resolutions
FBCA Cross-Certificate Remover Tool

Most HmC users have reported success running the FBCA Cross-Certificate Remover from DISA:

Log in to HmC with another Certificate
  • If you usually log in with your CAC EMAIL certificate, try selecting your ID certificate (or vice versa)
  • Follow these instructions to add the certificate to your HmC account
Update Windows 10 to version 1809

Not all but most of the folks experiencing this issue seem to be on Windows 10 version 1803, although we have reports from other versions as well.  Here is a related article:

https://www.reddit.com/r/SCCM/comments/9687cb/are_you_deploying_windows_10_1803_do_your/

If the above options are not working, it may be worth upgrading Windows to version 1809.

Support Ticket

If none of these options are working, please let us know by sending a support ticket to: support@cons3rt.com, and please include the following info:

  • OS and specific version (e.g. Windows 10 version 1803).  You can find my searching About your PC and scrolling down to the bottom
  • Device: Corporate laptop, NIPR/GFE laptop, personal computer, etc.
  • Network: Corporate network, NIPR, home network, WiFi hotspot
  • Are you using a VPN?
  • Browser(s) Attempted including browser version
  • Other CAC Sites can you connect to the following with the same certificate:
  • Local TLS Settings: In Internet Explorer, go to Internet Options, "Advanced", and scroll down to see the TLS settings
  • Trusted Sites: In Internet Explorer, go to Internet Options, click "Security", and check if HmC needs to be added to trusted sites.  If so please add hmc.hpc.mil, app.hmc.hpc.mil, connect.hmc.hpc.mil, api.hmc.hpc.mil