Install the Root DoD Certificates

DoD Certificates - Windows

INSTALL the Department of Defense (DoD) CERTIFICATES

First of all, this content is exactly a copy from the website https://militarycac.com/, and I only paste here the main content with some observations and tips. All the right is reserved and preserved to that amazing team!

So I imagine you are here for the same reason I was finding myself before.

You got your CAC Reader, but it's "not working," or you are seeing the same error as "There is a problem with this website's security certificate."

Don't stress about it, and try to follow exactly the same steps that I going to post here. Also, as I mentioned before, the content is totally copyrighted from the website, which saves my a**, too. And the best part is SAFE to do it.

The topic of this post is direct to Windows installer. If you are using a Macbook or an iOS / macOS system (Apple), I have another blog post for that too. Click "here".

The software InstallRoot is an automation for installing the DoD certificates onto your Windows computer.

I recommend using the Wizard for these steps because it looks easy, and if you don't know what you are doing, it will not "damage" anything in your machine. Now, on the other side, if you know what you are doing, I recommend that you just download the Certificates manually from the ZIP file in the link below.

The main problem is not that you are not accessing "normally" the DoD websites from your computer. It's because you need these certificates on your computer to access some of the content and DoD websites. Or, you may need to reinstall these certificates if the CAC-enabled website doesn't load, and then you will probably see a prompting with the message "there is a problem with the website's Security Certificate/site is not trusted."

Quick info: InstallRoot was created by DISA for Windows computers, if you have any problems with this file, please contact them.

-> The Automate way with InstallRoot: 

Windows users, Download InstallRoot 5.5 from:

MilitaryCAC (.msi version) (27.7 MB) or DoD Cyber Exchange (.msi version) (27.7 MB)**

**They are the same, just from different server in case the link not work.

NOTE: If you do not want to install the InstallRoot program or are having problems with the InstallRoot file, you can install the certificates manually by following the instructions in the next section of this post.

 After finish the download open the file and start to install the app first:

Click in NEXT >

Welcome to InstallRoot

Leave the default installation location, then select Next >

InstallRoot

 

Select Next >

InstallRoot Features

 

Select Install

Begin InstallRoot

Wait for it ...

Install in progress InstallRoot

Select Run InstallRoot

Success InstallRoot 

Click Install Certificates

If you have Firefox installed, you may see 2 or 3 tabs

InstallRoot Options

 

You may see this waring some couple of time:

Select Yes, (this screen may show 2 - 4 times) as it is installing each of the DoD Root CA 3, 4, 5, & 6 certificates

Security Warning InstallRoot

 

 Select OK (your number of Adds will vary)

InstallRoot More Options

Well Done! Outstand! Actually, let's first check if the certificates were installed correctly.

 

Check the Certificates in your pc:

Search on the windows menu for Internet Options

Internet Options Search 

Then:

Select Content (tab), Certificates (button)

Verify content

Find the Intermediate Certification Authorities (tab) scroll down the Issued To (column) to the letters DOD to verify you have:

DOD DERILITY CA-1

 CA-1

Then follow this for all the other CA-(x) Certificates
They going to look the same but are exist 3 types, Email, ID, SW.

 

DOD EMAIL -> CA-59, CA-62 through CA-65, and CA-70-73

CA-59 Email

DOD EMAIL CA-62 through DOD EMAIL CA-65

DOD EMAIL CA-70-73

 

DOD ID -> CA-59, CA-62 through DOD ID CA-65, CA-70 through CA-73

CA-59 ID

DOD ID CA-62 through DOD ID CA-65

DOD ID CA-70-73

 

DOD SW -> CA-60, CA-61, CA-66 through CA-69, CA-74 through CA-77

DOD SW CA-60 through DOD SW CA-61

DOD SW CA-66 through DOD SW CA-69

CA-74 through DOD SW CA-77

 

(sometimes Antivirus / Security programs won't allow these to be installed)

So, verify the DoD Root certificates installed also in the tab: Trusted Root Certification Authorities

CA-2 to 6

 All right! Everything is done for now!

I recommend you close all the applications and restart everything (even your pc, just in case).

Now try for example the main page for your orders, or for example on https://mypay.dfas.mil/#/

If you still seen this page "There is a problem with this website's security certificate.":

warning site

Or for example "Your Connection is not private":

Connection Error

Probably the install not worked and I suggest do the manual way. Download the Zip Version Below and go to the next blog post: INSTALL the Department of Defense (DoD) CERTIFICATES MANUALLY

-> The Manual way with the ZIP file:

MilitaryCAC (.zip version) (25.9 MB), or 

Michael posted an excellent explanation about what type of CAC you may have and some of the CAC readers in this video ( by militarycac.com)

And Again, a big thank you to you Michael J. Danberry, and the website that helps me a lot https://militarycac.com/.

 

 

Some important and extra information:

A certificate is a digital document providing the identity of a Web site or individuals. DoD Web sites use a certificate to identify themselves to their users and to enable secure connections. If you are receiving a warning that a site is untrusted / insecure, you will need to install the "DoD Certificates." In order to access sites enabled with a DoD PKI certificate without being prompted to accept the DoD Certificate chain at each log-on [like Firefox and Safari do], people using Internet Explorer and Chrome should install the DoD certificates. These are separate from the personal certificates that are on your CAC, but they are related.


Root Certificates

How can you (or your web server) trust the identity of someone over the network? An infrastructure of trusted third parties has been put in place to distribute trust between end-users. This infrastructure verifies that we are who we say we are. If we trust the DoD PKI infrastructure, then the infrastructure can vouch for us to trust others that have certificates issued from the DoD PKI.

DoD PKI infrastructure

The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities.  If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates. 

DoD PKI Infrastructure

 

More information about this image can be found here:  https://iase.disa.mil/pki-pke/interoperability/Pages/index.aspx

 

Again, all the rights and respect to Michael J. Danberry

If you want to see more about this or have direct suggestions for him and the source of this content, you can find on the contact page, also some Disclaimer directly from https://militarycac.com/

And if you like the content, you can directly donate to him too HERE.

Thank you everyone for the support.

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.