Installing DoD Certificates - Technology
Installing DOD Certificates
Many enterprise IT systems at NPS make use of SSL certificates issued by the DOD. If your browser doesn't trust them, you may run into issues. Reinstalling the certs is always a good step in troubleshooting as well. Get started with installing the latest certificates by reviewing the tutorials below.
The InstallRoot application is the simplest and most straightforward way to install all DOD certificates in your windows operating system, and supports Internet Explorer, Chrome, Firefox, and Java.
- Select your corresponding computer architecture type from the links below: (NIPR Windows Installer, for SIPR certificates access DISA's site directly from a SIPR machine)
- Once downloaded, install the file and run InstallRoot.
- Install required certificates. A more detailed explanation with pictures is shown below.
- Restart your browsers for the changes to take effect (all windows!).
- In some cases you may have to clear the cache of the browser you are using.
Download the Install Root Software here:
Double-click the installer and click next.
Select the desired folder to install to or continue by clicking next.
Leave the defaults checked and click next.
After the installation finished click run InstallRoot.
If Firefox, Java, or both programs are installed on your computer you will be asked if you would like to install the certificates in their respective certificate stores. Select yes if you are accessing DOD sites that use Java or if you access DOD sites with Firefox.
Close the Quick Start pop up.
Click Install Certificates in the top left corner. If you click the drop down next to the red ribbon you should see a green check mark next to the certificates.
More information on certificates and other tools can be found via DISA: https://public.cyber.mil/pki-pke/tools-configuration-files/.
Download the latest DoD root certificates here: DoD RootCerts file.
- Under "Additional Considerations" search for "PKCS# DoD"
- Download and extract the latest certificates; e.g., "PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11"
- Open the Keychain Access application if it's not already running.
- Drag certificates in the folder to the login section of the Keychain Access.
- Click 'Add' to pop-up adding all certificates to login keychain (must click add to every certificate.).
- Once all certificates have been added double click DoD Root CA 3 and 4 certificates, select Trust and change 'When using this certificate' from 'User System Defaults' to 'Always Trust'.
- Confirm your changes by entering an administrative password.
There should be 55 DoD certs available in the Mac Keychain Access Utility.
MUST USE SAFARI WEB BROWSER
1. Download the DoD Root CA 3 cert here: DoD Root CA 3.
2. Click Allow to download configuration profile.
3. Go to Settings > General > Profiles and Device Management and tap on DoD Root CA 3.
4. Tap Install and enter your passcode if asked.
5. Tap Install 2x to install certificate.
6. Tap Done on top right
7. Go back to Settings > General > About > Certificate Trust Settings.
8. Toggle on DoD Root CA 3 and click Continue.