Breadcrumb
Technology - Services - Installing DoD certificates

Installing DOD Certificates


Many enterprise IT systems at NPS make use of SSL certificates issued by the DOD. If your browser doesn't trust them, you may run into issues. Reinstalling the certs is always a good step in troubleshooting as well. Get started with installing the latest certificates by reviewing the tutorials below.

 

Technology - Services - DoD Certs Accordion

InstallRoot Tool

The InstallRoot application is the simplest and most straightforward way to install all DOD certificates in your windows operating system, and supports Internet Explorer, Chrome, Firefox, and Java

    • Select your corresponding computer architecture type from the links below:  (NIPR Windows Installer, for SIPR certificates access DISA's site directly from a SIPR machine) 
    • Once downloaded, install the file and run InstallRoot.
    • Install required certificates. A more detailed explanation with pictures is shown below.
    • Restart your browsers for the changes to take effect (all windows!).
      • In some cases you may have to clear the cache of the browser you are using.

 

Download the Install Root Software here:

 

Step 1:

Double-click the installer and click next.

Welcome to InstallRoot SetUp

 

Step 2:

Select the desired folder to install to or continue by clicking next.

Choose a file location

 

Step 3:

Leave the defaults checked and click next.

install root features

Step 4:

After the installation finished click run InstallRoot.

Install Root

 

Step 5*:

If Firefox, Java, or both programs are installed on your computer you will be asked if you would like to install the certificates in their respective certificate stores. Select yes if you are accessing DOD sites that use Java or if you access DOD sites with Firefox. 

Install Root - Firefox

Install Root pop up - Java

 

Step 6:

Close the Quick Start pop up.

DoD certs

 

Step 7:

Click Install Certificates in the top left corner. If you click the drop down next to the red ribbon you should see a green check mark next to the certificates.

install dod certs

 

More information on certificates and other tools can be found via DISA: https://public.cyber.mil/pki-pke/tools-configuration-files/.

 

Download the latest DoD root certificates here: DoD RootCerts file.

  1. Under "Additional Considerations" search for "PKCS# DoD"
  2. Download and extract the latest certificates; e.g., "PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11"
  3. Open the Keychain Access application if it's not already running.
  4. Drag certificates in the folder to the login section of the Keychain Access.
    test
  5. Click 'Add' to pop-up adding all certificates to login keychain (must click add to every certificate.).
    test
  6. Once all certificates have been added double click DoD Root CA 3 and 4 certificates, select Trust and change 'When using this certificate' from 'User System Defaults' to 'Always Trust'.
    test
  7. Confirm your changes by entering an administrative password.

    test

Notes:

There should be 55 DoD certs available in the Mac Keychain Access Utility. 

MUST USE SAFARI WEB BROWSER

1. Download the DoD Root CA 3 cert here: DoD Root CA 3.

2. Click Allow to download configuration profile.

Click Allow to download configuration profile.

3. Go to Settings > General > Profiles and Device Management and tap on DoD Root CA 3.

Go to Settings > General > Profiles and Device Management and tap on DoD Root CA 3

4. Tap Install and enter your passcode if asked.

Tap Install and enter your passcode if asked.

5. Tap Install 2x to install certificate.

6. Tap Done on top right

Tap Done on top right

7. Go back to Settings > General > About > Certificate Trust Settings.

Go back to Settings > General > About > Certificate Trust Settings.

8. Toggle on DoD Root CA 3 and click Continue.

Toggle on DoD Root CA 3 and click Continue.