Return to site

How To Download Cac Certificates

broken image


  1. How To Download Your Cac Certificates
  2. How To Download Cac Certificates To Desktop
  3. How To Download Cac Certificates Windows 10

CAC Support: To obtain support for the CAC reader and drivers. You will be working remotely with to obtain the certificate and program files to download.

  • Video shows how to activate the Personal Identification Verification (PIV) Authentication certificate on a Common Access Card (CAC). Links referenced in the.
  • Select the DOD Class 3 CAC CA certificate if prompted and click OK. Ensure your CAC is inserted in the reader and double click on the message to be read. With the CAC installed, this function is transparent to the user. Department of Defense Public Key Infrastructure (PKI) Air Force Common Access Card (CAC) and PKI Usage Quick.
  • To read messages encrypted with your previous encryption keys, download your previous encryption keys from one of the Defense Information Systems Agency (DISA) Automated Key Recovery Agent (ARA) sites and install them on your workstation: Below are the websites available to recover you email certificate when you get a new CAC.

If you are attempting to access DoD SSL sites (such as ASFI (acquisition.army.mil), DIBBS (dibbs.bsm.dla.mil)), you may receive a warning message stating that you should not proceed. With some browsers (FireFox), you can add an exception to the warning and continue normally. In Chrome, you'll be stopped dead.

As of February 27, 2014, the DoD site supports only IE up to version 10 but not 11. The latest FireFox & Safari browsers will also be able to access the site as before but Chrome will present a warning message.

To get around this, you can install the DoD Root Certificates on your machine. This will allow your Web browser (Chrome, IE, Safari) to trust the identity of Web sites whose secure communications are authenticated by DoD.

Is this required? No, however, this will help you avoid Security Alert windows when you go to secure communication Web sites for various DoD agencies, including DTIC, DIBBS, AFSI. Future access to DoD Web sites may require certificates.

To do this correctly, you should download ALL of the certificates referenced here: http://dodpki.c3pki.chamb.disa.mil/rootca.html and import them into your Trusted Certificate Store. Here's How (Windows):

  • Browse to this site: http://dodpki.c3pki.chamb.disa.mil/rootca.html using IE 6.0 or later, or Firefox 3.0 or later. (You can't use Chrome for this page, it isn't supported by the DoD).
  • Right click on each of the certificates and download them onto your disk.
  • Open Certificate Manager by clicking the Start button , typing certmgr.msc into the Search box, and then pressing ENTER.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click on Trusted Root Certificate Authorities, then Right Click and choose Import.
  • Import each of the certificates that you saved to disk.
  • As an option, you can import the certificates from Chrome. To do this, click the Wrench, Options, Under the Hood, Click the Manage Certificates Button, Click the Trusted Root Certification Authorities tab, then import each of the certificates.

If you have trouble with this feel free to give us a call and we'll step you through it online.

How to obtain and use DoD PKI/CAC Certificates to access www.iad.gov.

Accessing our Site

How To Download Your Cac Certificates

  • How are certificates used with this site and other protected IAD web sites?

    While some areas on this site are public, other areas require you to join the site in order to access the content.Most of the content can only be accessed if you have a Federal/DoD Public Key Infrastructure (PKI), Personal Identity Verification (PIV) or Common Access Card (CAC) installed in your browser. You do not need to join this site to see the public content. Portions of other IAD web sites also require DoD PKI/PIV/CAC certificates for access. Explicit instructions for joining other IAD web sites are outlined on each site. Your certificate will automatically be recognized after you register if it is correctly installed in your browser.

Common Site Certificate Access Errors

How To Download Cac Certificates To Desktop

  • Are you getting a site certificate error when trying to access a protected web site?

    This web site uses SSL protection to help secure our content. Access requires that a site security certificate is loaded into your browser. Some areas in this site can only be accessed if you have a Federal/DoD Public Key Infrastructure (PKI), Personal Identity Verification (PIV) or Common Access Cards (CAC) correctly installed in your browser. Portions of other IAD web sites also require PKI/PIV/CAC certificates for access. Access to these sites and pages requires both your personal certificate and site security certificate. There are two ways to avoid site certificate error messages:

    1. Import a DoD Root CA Certificate (preferred).
    2. Add an exception for the web site (Mozilla Firefox only) or create a Trusted Site (IE only).

    While adding an exception is the faster, easier process, you might have to repeat the process for multiple protected DoD web sites. Importing the DoD Root CA Certificate will take a few minutes, but it is the more thorough solution. You should only have to import it once per browser.

    You may see some other messages, usually alerts, rather than error messages, even when everything is installed correctly.

Obtaining a DoD PKI/CAC Certificate

How To Download Cac Certificates Windows 10

  • How do I obtain a DoD PKI client certificate?
    This site does not issue certificates , however one is recommended for easier and more secure access.
    DOD PKI client certificates include 1 identity, 1 email signature, and 1 email encryption certificate, and may be obtained from the DoD free of charge. DoD PKI certificates are available as software certificates (private keys stored in three .p12 files) or on Common Access Cards (private keys embedded in CAC). DoD Contractors may obtain CACs if their government sponsor deems it necessary.
    In order for you to obtain a DOD issued certificate users must fulfill one of three requirements:
    • Be active duty, reservist, or a DOD civilian.
    • The user must work on site at a military or government installation.
    • User is a DOD contractor that works on GFE equipment.
    If you do not work on DOD GFE, you will need to obtain IECA client certificates (identity, email signature and email encryption certificate). PKI client certificates issued by IECAs are available as software certificates only. The IECA vendors require payment for PKI client certificates.
  • How do I obtain a DoD PKI client certificate as a Civilian Contractor?
    Software Certificates may be obtained from the DoD if you fulfill one of the requirements listed above. You must contact your Local Registration Authority (LRA). Your DOD sponsor will be able to provide information on contacting your LRA. Obtain a 'Certificate Registration Instructions'(CRI) sheet from the LRA. The CRI contains your user number and one time password which you will need to obtain your personal DoD certificate. Provide the LRA:
    • Picture form of identification
    • A signed PKI User Responsibility Form
    Your LRA may request that you completeDD Form 2842. If so, please read theDD Form 2842 Instructions.
    If you do not fulfill one of the above requirements, anIECA/ECA certificate must be purchased from one of the three DOD approved vendors. More information is listed below in 'How do I obtain an IECA/ECA client certificate.'
    Hardware Certificates in the form of a CAC may be obtained by DoD Contractors if their government sponsor deems it necessary. Use the link listed below to determine the nearest DEERS/RAPIDS office.
  • How do I obtain a Common Access Card (CAC)?
    To obtain a Common Access Card (CAC), contact DEERS/RAPIDS personnel. To locate the nearest DEERS/RAPIDS office (1-800-372-7437), visit theRAPIDS Site Locator (accessible from all domains) and search by city, state, or zip code.
    Please note that a smart card reader and middleware are required for your Operating System to access the CAC PKI certificates. Eligible contractors must complete Section I and have their government sponsor complete Section III ofDD Form 1172-2 prior to visiting a DEERS/RAPIDS office.
  • How do I obtain an IECA/ECA PKI client certificate?
    To obtain -Interim- External Certificate Authority (-I-ECA) certificates, visit theIASE External Certificate Authority link (lists the 3 steps to obtain an -I-ECA certificate).
How To Download Cac Certificates

Have Questions?





broken image