Trusting The DoD PKI And ECA PKI

1y ago
1.13 MB
10 Pages
Last View : 1m ago
Last Download : 1y ago
Upload by : Randy Pettway

Trusting the DoD PKI and ECA PKI in WindowsTrusting the DoD and ECA PKIs: an explanationIn order for Internet Explorer (and many other applications) to properly use certificates from the DoD’sECA PKI, you need to tell your computer to “Trust” the DoD ECA PKI. In order for your computer to Trustthe DoD PKI (and the certificates on most DoD web-enabled applications) you need to tell yourcomputer to Trust them, also. The US DoD has two PKI: DoD PKI is their internal PKI; DoD ECA PKI is thePKI for people outside of the DoD [External Certification Authority] who need to communicate with theDoD [i.e. you].Fortunately, the DoD has created a tool for Microsoft to Trust the DoD PKI and ECA PKI; the DoD PKEInstallRoot tool. Please note that the default ‘settings’ of the InstallRoot tool will only establish trust ofthe DoD PKIs in Microsoft. There are optional settings to trust the DoD PKIs in Mozilla applications.[However, due to recent changes in the Mozilla Firefox internal architecture, the current version of thetool will install into Firefox, but will not actually achieve certificate trust. We recommend obtaining yourcertificates via Internet Explorer.] If you are obtaining your certificates via Mozilla Firefox, you will alsoneed to establish trust of the DoD PKIs in Mozilla Firefox. Please be aware that this tool was created bythe DoD to work in Windows environment; it does not run on Apple operating systems.Unlike previous versions of InstallRoot, the version of the tool puts an application on your computer. Youthen run the application to install (or possibly remove) certificates from the Windows (and/or Mozilla)certificate stores. The application is inert except when you specifically run it. (In other words; you runthe application and it does its functions in seconds and then doesn’t do anything until you run it again).You can even un-install it after you use it and then re-install it later if desired.Please be aware that the DoD has a User Guide for this tool. If you do things that are not in ourinstructions, please see the User Guide for further reference. (Example: the tool can install JITCcertificates. These are test and evaluation certificates that are not recommended for the standard user.The User Guide can tell you more.)This help file was created using Windows 8.1 and Internet Explorer 11. If you are using a differentversion of Windows or Internet Explorer, what’s on your screen may look slightly different than whatyou see in the screenshots presented here.Page 1 of 10

Trusting the DoD PKI and ECA PKI in WindowsPart 1: Downloading the tool from DISA1. Using Internet Explorer, go to brary/? dl facet pkipke type tools.Page 2 of 10

Trusting the DoD PKI and ECA PKI in Windows2. Scroll down until you see the link for InstallRoot 5.2: NIPR Windows Installer. Click on the downloadlink that matches the type of Windows operation system (OS) you have (32-bit or 64-bit).If you don’t know whether your OS is 32-bit or 64-bit, you can find out by going to this article inMicrosoft’s Knowledge Base: Note: These instructionswere written using the 64-bit Installer, but the program will work the same for you if your system is32-bit. [InstallRoot 5.2 was the current version of the tool at the time this instruction was written.As the DoD improves the tool, the version number will increment. Use the version that is available.]You may download the User Guide if desired.Page 3 of 10

Trusting the DoD PKI and ECA PKI in Windows3. When Internet Explorer asks if you want to run or save the file, click Run.Note: That the installer file is signed with a DoD Code Signing certificate. But if your computer does not yet trustthe DoD PKI, it might say that this certificate is ‘invalid’. You should be able to find an option to “Run Anyway”.The tool fixes that problem.4. InstallRoot Setup Wizard will open. Click Next.5. Choose a file location allows you to choose where you want the program installed. Let it install inthe default location by clicking Next.6. InstallRoot Features contains three checkboxes, which will be checked by default. Leave bothchecked and click Next.Page 4 of 10

Trusting the DoD PKI and ECA PKI in Windows7. You’re now at Begin installation of InstallRoot. To begin, click Install. If your system asks you ifyou want to allow the program to run, click Yes.8. A quick installation will happen, and then the program will inform you that InstallRoot has beensuccessfully installed. Click Run InstallRoot.(Instructions continue on the next page.)Page 5 of 10

Trusting the DoD PKI and ECA PKI in WindowsPart 2: Running the tool1. When you first open the program, a series of message boxes may pop up. If you have any Mozilla(Firefox, Thunderbird, etc.) products installed on your computer, you will be asked if you want toadd the Firefox (or Thunderbird, etc.) certificate store(s) to InstallRoot. We recommend that youselect ‘Yes’ for each of them.2. If you Firefox (or Thunderbird, etc.) certificate store(s) is password protected (as they should be),you will be prompted to enter the password.Page 6 of 10

Trusting the DoD PKI and ECA PKI in Windows3. Two of the three items here are important to you: DoD and ECA. Look at the symbol on the far rightof each row. DoD will probably show a green checkmark, while ECA will probably show a red X. Clickon the X to change is to a checkmark. You want a a green checkmark for both DoD and ECA.For each certificate store where you wish to install, bothDoD and ECA Certificates should have green check marks.Click any red ‘x’ to make it a green check.Leave the JITC Certificates with the red ‘x’Page 7 of 10

Trusting the DoD PKI and ECA PKI in Windows4. When both DoD and ECA are marked with green checkmarks, click Install Certificates.5. You may receive a security warning from Windows asking if you want to install DoD Root CA 3 andvarious other DoD PKI and (DoD) ECA PKI root certificates. Click Yes for each dialogue box.Page 8 of 10

Trusting the DoD PKI and ECA PKI in Windows6. A box will pop up showing what actions were taken. The number of certificates installed, removed,or unable to be removed may differ from the screenshot here; as long as the number of certificatesinstalled is not zero, the operation was a success. Click the OK to close the box.Page 9 of 10

Trusting the DoD PKI and ECA PKI in Windows7. Congratulations! You’ve trusted the DoD and ECA PKIs! You may now close the InstallRoot program.8. InstallRoot will ask if you want to save. Click YesPage 10 of 10

The US DoD has two PKI: DoD PKI is their internal PKI; DoD ECA PKI is the PKI for people outside of the DoD [External Certification Authority] who need to communicate with the DoD [i.e. you]. Fortunately, the DoD has created a tool for Microsoft to Trust the DoD PKI and ECA PKI; the DoD PKE InstallRoot tool.File Size: 1MBPage Count: 10

Related Documents:

PKI belonging to the testers' organization, in this case the DoD PKI, is referred to as the Host PKI, and the external PKI to be tested is referred to as the Partner PKI. For the purpose of testing transitive trust, the third party PKI cross-certified with the Partner PKI but not the Host PKI will be referred to as the Third Party PKI.

The DoD PKI consists of the US DoD issuing certificates internally to US DoD end entities (like DoD employees and DoD web sites). The ECA PKI consists of vendors that are authorized by the US DoD to issue certificates to end entities outside of the US DoD that need to communicate with the DoD. You probably need to trust both the DoD PKI and ECA .

Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .

May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)

̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions

Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have

On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.

Our AAT Advanced Diploma in Accounting course is the intermediate level of AAT’s accounting qualifications. You’ll master more complex accountancy skills, including advanced bookkeeping, preparing final accounts, and management costing techniques. You’ll also cover VAT issues in business, and the importance of professional ethics - all without giving up your job, family time or social .