DoD Issues New PKI Certification Authorities
The Department of Defense (DoD) Public Key Infrastructure (PKI) Program periodically deploys new Certification Authorities (CAs) to support ongoing issuance of Common Access Cards (CACs) and other PKI certificates to the DoD community. In order for computers to properly recognize these certificates, as well as be able to access some DoD websites, all of the current DoD CAs must be installed in browser trust stores.
The DoD PKI Program has deployed four new Certification Authorities (CAs): DoD CAs 31 and 32, and DoD EMAIL CAs 31 and 32. Administrators should ensure that system trust stores are updated to include these new CA certificates to support new CACs and other certificates issued from these CAs.
InstallRoot release 3.16 and InstallRoot for BlackBerry release 5.0.0.828, which will be available by March 1 from the DoD PKE site under “Tools,” include the newly deployed CA certificates.
Installation of the new CA certificates in system trust stores is critical to avoid denial-of-service issues for users issued CACs with certificates from the new CAs
Users of non-government-furnished computers will need to take steps to configure their machines properly. Additional details regarding setting up a non-government-furnished computer can be found on the DoD PKE “Getting Started” page. Users who have already followed these instructions in the past to configure their machines should only need to run the new InstallRoot 3.16 release to install the new CA certificates.
For additional information, please visit the PKI/PKE page on DISA’s Information Assurance Support Environment website, or contact the DoD PKE team at dodpke@mail.mil.
Sign up to receive PKI/PKE email updates.
Posted February 27, 2013