STEP 3: INSTALL the Department of Defense (DoD) CERTIFICATES
InstallRoot installs the DoD Root certificates onto your Windows computer
If the website you are visiting is prompting you with the message the site is not trusted, you have received a new CAC, or your DoD website worked up until recently and doesn't now, you need to update your DoD certificates.
DOD InstallRoot 3.16a was issued on 22 February 2013
Run the InstallRoot_v3.16A.exe file from inside the zip file.
InstallRoot Installation Instructions:
Select Run when prompted to Run or Save the file, you will see a black DOS window show on your screen, and have words scrolling in it. When it goes away, you have installed the DoD certificates on your computer.
NOTE: Windows 7, 8, & Vista may see a message that the file might not have installed correctly. Select "This program installed correctly."
You can now install both the InstallRoot 3.16a and the Cross Cert Removal tool 1.10 in one single file which was created by the Army Network Enterprise Technology COMmand (NETCOM)
This file is designed for Home Users ONLY, you can download it from:
MilitaryCAC https://militarycac.com/files/HomeUserCertTool_V03.zip or
NOTE, It seems that the 3.16a version is adding the "bad" certificates, so, go to slide 15 of this guide to see how to remove them, (OR use the file above)
PROCEED TO STEP 4 - INSTALL ACTIVCLIENT
Alternate download links for the DoD certificates:
Your Internet Explorer may prompt you with a banner stating it blocked this site from downloading files to your computer. Click the box for the option to Download File. Nothing will happen, go back and click the link again above. Now you'll see the option to Run, Save, or Cancel.
DISA's IASE PKI and PKE Tools webpage
Scroll down to the Trust Store Management section and click on: InstallRoot 3.16 A, then click on (ZIP Download) Size: 1,803 KB. Save it to your computer, then double click the folder titled: unclass_installroot_v3.16a.zip, open: InstallRoot_v3.16A, Windows, then run InstallRoot_v3.16A.exe. Now you have the same file as above. (only with a lot more steps)
Navy Information Assurance website
https://infosec.nmci.navy.mil/PKI/installroot_v3.16a.exe (Requires CAC)
Select Run when prompted to Run or Save the file, you will see a black DOS screen show on your screen, and have words scrolling in it. When it goes away, you have just installed the DoD certificates on your computer.
NOTE: Windows Vista & 7 may show a message that the file might not have installed correctly. Select "This program installed correctly."
A certificate is a digital document providing the identity of a Web site or individuals. DoD Web sites use a certificate to identify themselves to their users and to enable secure connections. If you are receiving a warning that a site is untrusted / insecure, you will need to install the "DoD Certificates." In order to access sites enabled with a DoD PKI certificate without being prompted to accept the DoD Certificate chain at each log on [like Firefox and Safari do], people using Internet Explorer and Chrome should install the certificates. These are separate from the personal certificates that are on your CAC, but they are related.
How can you (or your web server) trust the identity of someone over the network? An infrastructure of trusted third parties has been put in place to distribute trust between end-users. This infrastructure verifies that we are who we say we are. If we trust the DoD PKI infrastructure, then the infrastructure can vouch for us to trust others that have certificates issued from the DoD PKI.
Click to see full size image
The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities. If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates.
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Saturday, 16 November 2013 19:38 hrs
The following domain
names all resolve to the same website: ChiefsCACSite.com,
CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us