On This Site
Using DoD PKI/CAC Certificates
On this Page:
Accessing our Site
- How are certificates used with this site and other protected IAD web sites?
While some areas on this site are public, other areas require you to join the site in order to access the content. Most of the content can only be accessed if you have a DoD Public Key Infrastructure (PKI) or Common Access Card (CAC) installed in your browser. You do not need to join this site to see the public content. Portions of other IAD web sites also require DoD PKI/CAC certificates for access. Explicit instructions for joining other IAD web sites are outlined on each site. Your certificate will automatically be recognized after you register if it is correctly installed in your browser.
Common Site Certificate Access Errors
- Are you getting a site certificate error when trying to access a protected web site?
Portions of this web site use SSL protection to help secure our content. Access to these areas require that a site security certificate is loaded into your browser. Other areas can only be accessed if you have a DoD Public Key Infrastructure (PKI) or Common Access Cards (CAC) correctly installed in your browser. Portions of other IAD web sites also require PKI/CAC certificates for access. Access to these sites and pages requires both your personal certificate and site security certificate. There are two ways to avoid site certificate error messages:
While adding an exception is the faster, easier process, you might have to repeat the process for multiple protected DoD web sites. Importing the DoD Root CA 2 Certificate will take about 2 minutes, but it is the more thorough solution. You should only have to import it once per browser.
You may see some other messages, usually alerts, rather than error messages, even when everything is installed correctly.
For guided step-by-step procedures, download the document version of this page Loading Certificates on Protected Web Sites . This document also includes step-by-step procedures for installing your DoD PKI Certificate, which are not covered on this page.
Obtaining a DoD PKI/CAC Certificate
- How do I obtain a DoD PKI client certificate?
This site does not issue certificates . however one is recommended for easier and more secure access.
DOD PKI client certificates include 1 identity, 1 email signature, and 1 email encryption certificate, and may be obtained from the DoD free
of charge. DoD PKI certificates are available as software certificates (private keys stored in three .p12 files) or on Common Access Cards (private keys embedded in CAC). DoD Contractors may obtain CACs if their government sponsor deems it necessary.
In order for you to obtain a DOD issued certificate users must fulfill one of three requirements:
- Be active duty, reservist, or a DOD civilian.
- The user must work on site at a military or government installation.
- User is a DOD contractor that works on GFE equipment.
Software Certificates may be obtained from the DoD if you fulfill one of the requirements listed above. You must contact your Local Registration Authority (LRA). Your DOD sponsor will be able to provide information on contacting your LRA. Obtain a "Certificate Registration Instructions"(CRI) sheet from the LRA. The CRI contains your user number and one time password which you will need to obtain your personal DoD certificate. Provide the LRA:
- Picture form of identification
- A signed PKI User Responsibility Form
If you do not fulfill one of the above requirements, an IECA/ECA certificate must be purchased from one of the three DOD approved vendors. More information is listed IECA/ECA certificates.Hardware Certificates in the form of a CAC may be obtained by DoD Contractors if their government sponsor deems it necessary. Use the link listed below to determine the nearest DEERS/RAPIDS office.
To obtain a Common Access Card (CAC), contact DEERS/RAPIDS personnel. To locate the nearest DEERS/RAPIDS office (1-800-372-7437), visit the RAPIDS Site Locator (accessible from all domains) and search by city, state, or zip code.Please note that a smart card reader and middleware are required for your Operating System to access the CAC PKI certificates. Eligible contractors must complete Section I and have their government sponsor complete Section III of DD Form 1172-2 prior to visiting a DEERS/RAPIDS office.
To obtain -Interim- External Certificate Authority (-I-ECA) certificates, visit the IASE External Certificate Authority link (lists the 3 steps to obtain an -I-ECA certificate).