How to log in to Army email (CAC / Army 365) on Windows


Stuck at the certificate prompt or getting “No valid certificate,” “403,” or “Client auth required” when accessing Army email? On Windows, successful sign‑in usually comes down to a working CAC reader, DoD root certificates, the Smart Card service, and a clean browser profile.

Applies to: Windows 11/10   Time: 5–10 minutes   Skill: Intermediate

Before you start

  • Use a supported desktop browser (Edge or Chrome).
  • Have your CAC, PIN, and reader (USB) ready.
  • Temporarily turn off VPN/proxy content filters.

1) Verify the Smart Card stack

  • Reader detected: Plug the CAC reader into a direct USB port (avoid hubs). In Device Manager, confirm it appears under Smart card readers.
  • Service running: Press Win+R, type services.msc, then set the Smart Card service to Automatic and confirm it is Running. If it won’t start, see “smart card cannot perform the requested operation.”

2) Install or refresh DoD certificates

  • If you’ve migrated recently, open Manage user certificates and remove stale or duplicate DoD certs.
  • Import the latest DoD root and intermediate certificates into the Trusted Root Certification Authorities and Intermediate Certification Authorities stores, respectively. For help, see “install certificates on Windows 11.”

3) Use Edge with a clean profile

  • Clear cookies/cache and restart the browser (see clear Edge cache).
  • Try InPrivate or a fresh profile to avoid cached cert selections.
  • IE mode (only if required by your portal): In Edge > Settings > Default browser, enable “Allow sites to be reloaded in Internet Explorer mode.”

4) Select the correct certificate at prompt

  • For OWA sign‑in, choose your EMAIL SIGN certificate, not ID or PIV AUTH.
  • If several are listed, pick the one with the most recent expiration date and the correct UPN/email.
  • Enter your CAC PIN carefully. After 3–5 bad attempts, the PIN may lock and require a reset.

5) Still can’t sign in?

  • DNS or SSL errors: Disable VPN/proxy and check DNS availability.
  • 403/Client certificate required: Reimport DoD certs, then try a new Edge profile.
  • No certificate listed: Reinsert CAC, try a different USB port/reader, and confirm the Smart Card service is running.
  • PIN locked: Visit your servicing office (RAPIDS) to unblock the PIN.
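
The checks in steps 1, 2 and 4 can also be run from a PowerShell window with the CAC inserted. The script below is an added example, not part of the original article; it only reads state and removes nothing. It assumes DoD-issued certificates can be recognised by "DoD" in their subject or issuer, and New-Finding is a hypothetical helper defined in the script.

```powershell
# Added example: read-only checks for steps 1, 2 and 4. Nothing is changed or deleted.
# Assumption: DoD-issued certificates carry "DoD" in their subject or issuer.
function New-Finding($Step, $Item, $Detail, $Ok) {
    [pscustomobject]@{ Step = $Step; Item = $Item; Detail = $Detail; OK = $Ok }
}
$now = Get-Date

# Step 1: Smart Card service (service name SCardSvr) and attached readers.
$svc = Get-Service -Name SCardSvr
New-Finding 1 'Smart Card service' "$($svc.Status), startup $($svc.StartType)" ($svc.Status -eq 'Running')
$readers = @(Get-PnpDevice -Class SmartCardReader -PresentOnly -ErrorAction SilentlyContinue)
if ($readers.Count -eq 0) { New-Finding 1 'Reader' 'none detected' $false }
foreach ($r in $readers) { New-Finding 1 'Reader' $r.FriendlyName ($r.Status -eq 'OK') }

# Step 2: DoD roots/intermediates. Expired entries and subjects that occur more
# than once in a store are flagged for manual review, not removed.
foreach ($store in 'CurrentUser\Root', 'CurrentUser\CA', 'LocalMachine\Root', 'LocalMachine\CA') {
    $dod = @(Get-ChildItem "Cert:\$store" | Where-Object { $_.Subject -like '*DoD*' })
    if ($dod.Count -eq 0) { New-Finding 2 $store 'no DoD certificates' $false; continue }
    $repeated = @($dod | Group-Object Subject | Where-Object Count -gt 1).Name
    foreach ($c in $dod) {
        $notes = @()
        if ($c.NotAfter -lt $now) { $notes += 'expired' }
        if ($repeated -contains $c.Subject) { $notes += 'duplicate subject' }
        if ($notes) { New-Finding 2 $store "$($c.Subject): $($notes -join ', ')" $false }
    }
    New-Finding 2 $store "$($dod.Count) DoD certificates present" $true
}

# Step 4: DoD-issued certificates in the personal store, newest expiration first,
# with the UPN and email address to compare against the certificate prompt.
$upnType   = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
$emailType = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Issuer -like '*DoD*' } |
    Sort-Object NotAfter -Descending | ForEach-Object {
        $id = "UPN=$($_.GetNameInfo($upnType, $false)) email=$($_.GetNameInfo($emailType, $false))"
        New-Finding 4 $_.Issuer "$id expires $($_.NotAfter.ToString('yyyy-MM-dd'))" ($_.NotAfter -gt $now)
    }
```

Rows with OK set to False point back to the step to repeat; an empty step 4 result corresponds to the “No certificate listed” case above.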

FAQs

Which certificate do I pick? Use the one labeled EMAIL SIGN for OWA access unless your command specifies otherwise.

Why does Chrome fail but Edge works? Edge supports IE mode and tighter Windows cert integration, which some portals still expect.

Summary

  1. Confirm reader detection and start the Smart Card service.
  2. Install DoD roots/intermediates and remove stale certs.
  3. Use Edge with a clean profile; enable IE mode if required.
  4. Select your EMAIL SIGN certificate and enter the correct PIN.
