Skip Ribbon Commands Skip to main content

For Administrators, Integrators & Developers

*PKI = DoD PKI Certificate Required

The high-level steps generally required to PKE are available on the Getting Started for Administrators page.

 

 Certificate Validation

 
Description
This slick sheet provides an overview of certificate revocation checking, including methods and implementation best practices. (PDF Download) Date: 10/09/2012 | Size: 333 KB
This guide provides basic requirements and best practices for vendors or custom system developers looking to build certificate validation capabilities into their products. (PDF Download) Date: 08/08/2012 | Size: 454 KB
This slick sheet provides an overview of the capabilities provided by the Robust Certificate Validation Services (RCVS). (PDF Download) Date: 03/26/2014 | Size: 453 KB
This white paper discusses methods for improving the efficiency of the revocation checking portion of the certificate validation process. (PDF Download) Date: 10/2012 | Size: 309 KB
 

 Desktop Applications

 
Description
This guide documents the steps to configure Adobe to leverage MS CAPI for verifying certificate trust and revocation when performing digital signature validation. (PDF Download) Date: 11/20/2013 | Size: 822 KB
 

 Development

 
Description
This slick sheet provides an overview of the X.509 PKI certificates on the Common Access Card (CAC). (PDF Download) Date: 10/09/2012 | Size: 617 KB
This slick sheet provides an overview of the logical interfaces of the DoD Common Access Card. (PDF Download) Date: 10/09/2012 | Size: 313 KB
This quick reference guide provides instructions on how to apply PK-enabling guidance developed for NIPRNet to SIPRNet systems and environments. (PDF Download) Date: 08/20/2012 | Size: 224 KB
This document describes the process of utilizing a DoD mobile code signing certificate to digitally sign code/software used on the DoD network. (PDF Download) Date: 07/303/2015 | Size: 575 KB
DoD Approved Assurance Levels from External Partner PKIs *PKI
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs). (TXT Download) Date: 3/5/2018 | Size: 12 KB
This document describes the functional interface to the Department of Defense (DoD) Public Key Infrastructure to support development of applications capable of interacting with the DoD PKI. (PDF Download) Date: 9/2010 | Size: 877 KB
This slick sheet contains information about the test materials available to support NIPRNet PK-enablement and how to obtain them. (PDF Download) Date: 08/19/2013 | Size: 224 KB
This guide describes the process for requesting and obtaining a DoD mobile code signing certificate to digitally sign code/software used on the DoD network. (PDF Download) Date: 07/02/2013 | Size: 534 KB
This slick sheet contains information about the test materials available to support SIPRNet PK-enablement and how to obtain them. (PDF Download) Date: 08/15/2012 | Size: 205 KB
The DoD and SHA-256 *PKI
This slick sheet provides some helpful facts about the DoD and SHA-256. (PDF Download) Date: 01/02/2014 | Size: 329 KB
Working with External PKIs - Version 5.5
This slick sheet provides an overview of the Federal PKI/Federal Bridge and discusses the usage of External PKIs within the DoD. (PDF Download) Date: 06/09/2016 | Size: 376 KB
 

 Email

 
Description
This guide provides instructions for configuring Name Check Suppression (NCS) for Microsoft Outlook. (PDF Download) Date: 04/12/2013 | Size: 581 KB
 

 Middleware

 
Description
ActivClient 7: Configuration Guide *PKI
The procedures in this document guide the reader in configuring the ActivClient 7 middleware for use on workstations/desktop systems and servers. (PDF Download) Date: 02/22/2013 | Size: 517 KB
Axway Desktop Validator 4.12 Workstation and Server Configuration *PKI
 
This guide provides instructions for configuring Axway Desktop Validator 4.12 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The below configuration files have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway configuration guide.
Tumbleweed Desktop Validator 4.10/4.11 Workstation and Server Configuration
 
This guide provides instructions for configuring Tumbleweed Desktop Validator 4.10 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The below configuration files have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway/Tumbleweed configuration guide.
 

 Mobile Devices

 
Description
Android (Dell): Good Mobile Control and End User S/MIME Configuration *PKI
This appendix to the Android 2.2 (Dell) STIG Technology Overview provides instructions for configuring S/MIME capabilities on Android devices using the Good Mobile Control solution. Both server-side and end user device configuration instructions are provided, including configuring the Good Mobile Control server for use with DoD PKI and S/MIME support, pairing the Dell Android device with a baiMobile 3000MP Bluetooth smart card reader and installing user certificates on the device. (PDF Download) Date: 11/23/2011 | Size: 280 KB
Apple iOS: Good Mobile Control and End User S/MIME Configuration *PKI
This appendix to the Apple iOS 4 ISCG Technology Overview provides instructions for configuring S/MIME capabilities on iOS devices (including iPhone, iPad and iPod Touch) using the Good Mobile Control solution. Both server-side and end user device configuration instructions are provided, including configuring the Good Mobile Control server for use with DoD PKI and S/MIME support, pairing the iOS device with a baiMobile 3000MP Bluetooth smart card reader and installing user certificates on the device. (PDF Download) Date: 10/20/2011 | Size: 281 KB
BlackBerry Desktop Manager: Configuring OCSP and LDAP Servers *PKI
This guide provides instructions on adding and configuring Online Certificate Status Protocol (OCSP) and Lightweight Directory Access Protocol (LDAP) server URLs within the Certificate Synchronization Options of BlackBerry Desktop Manager. (PDF Download) Date: 7/2009 | Size: 263 KB
BlackBerry Enterprise Server: DoD Public Key Enabling for System Administrators *PKI
This guide defines the procedures for deploying the BlackBerry DoD Root Certification Authority (CA) application and provides BES administrators with step-by-step guidance on how to verify that the necessary software and drivers are installed, ensure that the correct certificate server settings have been configured on a device, pair a handheld device with a smart card reader, import CAC certificates to a device, and digitally sign/encrypt email. It also discusses how to deploy the BlackBerry Expired OCSP Certificate Remover to address digital signing and encryption issues. (PDF Download) Date: 1/2013 | Size: 1,978 KB
BlackBerry Expired OCSP Certificate Remover *PKI
This tool removes expired OCSP signing certificates from BlackBerry devices to prevent digital signature and encryption problems. (ZIP Download) Size: 66 KB
BlackBerry: Certificate Fetching Troubleshooting *PKI
This guide provides troubleshooting steps for instances when BlackBerry devices cannot automatically fetch public certificates for sending encrypted emails. (PDF Download) Date: 08/06/2012 | Size: 233 KB
BlackBerry: Deleting Expired OCSP Certificates *PKI
This guide provides instructions for manually removing expired OCSP certificates whose presence will prevent revocation checking from completing successfully. (PDF Download) Date: 04/02/2015 | Size: 357
BlackBerry: Pairing a BlackBerry Smart Card Reader (SCR) with a BlackBerry Operating System (OS) Handheld *PKI
This guide provides step-by-step instructions for pairing a first generation BlackBerry smart card reader (SCR) with a BlackBerry handheld, running BlackBerry OS, to enable Secure/Multipurpose Internet Mail Extensions (S/MIME) functionality.
BlackBerry: Running the BlackBerry Expired OCSP Certificate Remover *PKI
This document provides DoD BlackBerry users step-by-step instructions for using the BlackBerry Expired OCSP Certificate Remover to correct a known error in validating email signatures and sending encrypted email. (PDF Download) Date: 1/2013 | Size: 385 KB
Commercial Mobile Devices PKI Capabilities Assessment *PKI
This document provides an overview of observed PKI capabilities on BlackBerry, iOS and Android mobile platforms as of June 2011, addressing support for authentication and Secure/Multi-purpose Internet Mail Extensions (S/MIME) capabilities. Configurability of PKI-related functions is also discussed. (PDF Download) Date: 10/12/2012 | Size: 347 KB
FAQ: Blackberry I/O Error While Communicating with Proxy *PKI
This FAQ discusses causes and recommended resolution to I/O errors experienced by the BlackBerry Enterprise Server (BES) when trying to communicate with RCVS (http://ocsp.disa.mil). (PDF Download) Date: 07/31/2012 | Size: 124 KB
Using Your BlackBerry with a First-Generation Smart Card Reader *PKI
This slick sheet describes how to pair a BlackBerry device with a first-generation smart card reader to digitally sign and encrypt email using your CAC certificates. (PDF Download) Date: 10/12/2012 | Size: 396 KB
Using Your BlackBerry with a Second-Generation Smart Card Reader *PKI
This slick sheet describes how to pair a BlackBerry device with a second-generation smart card reader to digitally sign and encrypt email using your CAC certificates. (PDF Download) Date: 10/12/2012 | Size: 394 KB
Why is my BlackBerry not working? *PKI
This slick sheet discusses common BlackBerry email error messages, their causes and resolutions. (PDF Download) Date: 08/15/2012 | Size: 277 KB
 

 Network Configuration

 
Description
This slick sheet provides an overview of the DoD Alternate Logon Token (ALT) including what it is used for, why it is needed, who is eligible for one and how to obtain it. (PDF Download) Date: 05/20/2014 | Size: 246 KB
This guide provides instructions for configuring Blue Coat ProxySG Security Gateway Operating System (SGOS) 6.3, a commercial authentication proxy appliance, to use DoD PKI. (PDF Download) Date: 06/03/2013 | Size: 2,579 KB
Bluecoat, Sidewinder G2 and Squid: Enabling Network Web Caching for CRLs *PKI
This guide provides instructions for configuring various web proxies to cache DoD CRLs to improve local performance and decrease load on GDS. (PDF Download) Date: 08/04/2014 | Size: 165 KB
Cisco Remote Access VPN: PKE Configuration *PKI
This guide provides instructions for configuring the Cisco Virtual Private Network (VPN) product suite to utilize DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/01/2013 | Size: 2,105 KB
This guide is written for DoD system or network administrators and provides instructions for configuring Cisco switches to support 802.1X authentication using Cisco Identity Services Engine (ISE) utilizing DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/01/2013 | Size: 2,228 KB
This document provides step-by-step guidance on configuring CoreStreet Validation Authority (VA) to support various tactical environment scenarios. (PDF Download) Date: 04/19/2013 | Size: 638 KB
This guide is provides instructions for configuring the F5 Networks BIG-IP Local Traffic Manager (LTM), a commercial load balancer and authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 07/09/2013 | Size: 2,211 KB
This FAQ discusses the usage of alternate tokens for administrator account logon. (PDF Download) Date: 10/16/2012 | Size: 180 KB
The procedures in this document guide the reader in configuring Linux for Smart Card Login (SCL) using Centrify Suite 2012.4. (PDF Download) Date: 02/12/2014 | Size: 466 KB
Linux: OpenSSH Public Key Authentication *PKI
The procedures in this document guide the reader in configuring OpenSSH to use public key authentication. (PDF Download) Date: 02/17/2016 | Size: 556 KB
The procedures in this document guide the reader in configuring Mac OS X for Smart Card Logon (SCL) using the Centrify Suite of products. (PDF Download) Date: 02/12/2014 | Size: 444 KB
Mac OS X: Enabling Smart Card Logon Using Thursby ADmitMac PKI *PKI
The procedures in this document guide the reader in configuring Mac OS X for smart card logon (SCL) using the Thursby ADmitMac PKI software. (PDF Download) Date: 12/19/2014 | Size: 526 KB
This document provides guidance on configuring the Microsoft CAPI2 native OCSP client component to support various DoD/National Security Systems (NSS) environments. (PDF Download) Date: 05/19/2014 | Size: 430 KB
Microsoft OCSP Responder: Public Key Enabling *PKI
This guide provides instructions for configuring the Microsoft OCSP Responder for use as a local OCSP responder to provide revocation status for DoD and/or NSS PKI certificates to local enclaves. (PDF Download) Date: 08/13/2014 | Size: 477 KB
This guide provides guidance on the process to Secure Socket Layer (SSL)/Transport Layer Security (TLS)-enable a Microsoft SharePoint 2010 server.(PDF Download) Date: 06/09/2014 | Size: 547 KB
Microsoft Threat Management Gateway (TMG): Public Key Enabling *PKI
This guide provides instructions for configuring Microsoft Threat Management Gateway (TMG) 2010, a commercial authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 08/20/2014 | Size: 1,232 KB
Microsoft Windows Server 2003: Enabling Smart Card Logon *PKI
 
This guide provides instructions for configuring Windows Server 2003 for Smart Card Login on both NIPRNet and SIPRNet. (PDF Download) Date: 09/27/2017 | Size: 680 KB
Microsoft Windows Server 2008: Enabling Smart Card Logon *PKI
 
This guide provides instructions for configuring Windows Server 2008 for Smart Card Login on both NIPRNet and SIPRNet. (PDF Download) Date: 09/27/2017 | Size: 648 KB
Microsoft Windows Server 2012: Enabling Smart Card Logon *PKI
 
The procedures in this document guide the reader in configuring Windows Server 2012 for smart card logon (SCL). (PDF Download) Date: 09/27/2017 | Size: 583 KB
The guide provides steps for deploying certificates to Windows operating system trust stores using Windows Group Policy. (PDF Download) Date: 09/21/2012 | Size: 376 KB
This slick sheet provides information on the Pass-the-Hash (PtH) attack and steps that can be taken to mitigate the risks of being compromised. (PDF Download) Date: 01/30/2014 | Size: 301 KB
Red Hat Enterprise Linux: Configuring Local Smart Card Logon *PKI
The procedures in this document guide the reader in configuring Red Hat Enterprise Linux (RHEL) smart card logon (SCL) to a local Linux user account. (PDF Download) Date: 07/14/2015 | Size: 374 KB
This guide is written for DoD system or network administrators and provides instructions for configuring Riverbed Stingray Traffic Manager 8.0 (formerly known as Zeus), a commercial authentication proxy, to use DoD PKI in accordance with DoD best practices. (PDF Download) Date: 09/10/2012 | Size: 1,187 KB
Solaris 10/11: SSH Public Key Authentication *PKI
The procedures in this document guide the reader in configuring SSH on Solaris to use public key authentication. (PDF Download) Date: 06/06/2016 | Size: 514 KB
This guide provides instructions for configuring Squid 2.6, an open-source caching proxy, to cache DoD CRLs. (PDF Download) Date: 10/02/2012 | Size: 491 KB
SSH Clients Authentication with Smart Cards *PKI
The procedures in this document guide the reader in configuring several SSH clients to use smart cards to authenticate with SSH servers. (PDF Download) Date: 02/22/2016 | Size: 513 KB
This white paper discusses the approach to implementing revocation checking in various limited and unique network environments. (PDF Download) Date: 08/07/2013 | Size: 944 KB
Tumbleweed Validation Authority: Configuring for Tactical Environments *PKI
This document provides step-by-step guidance on configuring Axway (Tumbleweed) Validation Authority (VA) to support various tactical environment scenarios. (PDF Download) Date: 01/06/2015 | Size: 626 KB
This guide provides instructions for configuring a smart card logon-enabled Active Directory domain for authenticating users that connect via a wireless local area network (WLAN). (PDF Download) Date: 09/21/2012 | Size: 881 KB
 

 Thin Clients and Virtualization

 
Description
This guide provides instructions for configuring Citrix XenDesktop for secure authentication and communications using DoD PKI. (PDF Download) Date: 07/25/2012 | Size: 442 KB
This guide provides instructions for configuring thin clients that utilize the HP ThinPro operating system. (PDF Download) Date: 12/17/2013 | Size: 444 KB
This guide provides instructions for configuring Microsoft Remote Desktop Gateway (RDG) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/11/2013 | Size: 576 KB
This guide provides instructions for configuring Microsoft Remote Desktop Infrastructure on Red Hat Enterprise Virtualization (RHEV) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/14/2013 | Size: 443 KB
This guide provides instructions for configuring Microsoft Remote Desktop Services (RDS) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/21/2013 | Size: 1,149 KB
This guide provides instructions for configuring Microsoft Remote Desktop Web Access (RWA) for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/17/2013 | Size: 618 KB
VMWare Horizon View v5.2/5.3: Configuring for Use with DoD PKI
This guide is written for DoD system or network administrators and provides instructions for configuring the VMware Horizon View product suite to utilize DoD PKI in accordance with DoD best practices. (PDF Download) Date: 11/05/2014 | Size: 413 KB
This guide provides instructions for configuring VMware View for secure authentication and communications using DoD PKI. (PDF Download) Date: 01/08/2013 | Size: 386 KB
This guide provides instructions for configuring thin clients that run the Windows 7 Embedded Operating System (OS) for secure communications on SIPRNet. (PDF Download) Date: 01/27/2013 | Size: 596 KB
This guide provides instructions for configuring thin clients that run the Windows XP Embedded Operating System (OS) for secure communications on SIPRNet. (PDF Download) Date: 01/27/2013 | Size: 597 KB
This guide provides instructions for configuring Oracle Sun Ray Session Server (SRSS)-based and PCoIP zero clients for use with the SIPRNet hardware token. Specific instructions for the Sun Ray 2FS, GD Tadpole M1500, and Teradici zero clients are included. (PDF Download) Date: 01/27/2013 | Size: 546 KB
 

 Troubleshooting

 
Description
This slick sheet provides an overview of DoD PKI resources for end users, system administrators, PKI sponsors, RAs, LRAs, and KRAs. (PDF Download) Date: 02/28/2014 | Size: 401 KB
This FAQ discusses causes and recommended resolution to I/O errors experienced by the BlackBerry Enterprise Server (BES) when trying to communicate with RCVS (http://ocsp.disa.mil). (PDF Download) Date: 07/31/2012 | Size: 124 KB
This FAQ discusses the issue of DoD certificates chaining improperly to cross-certificates or the Common Policy Root Certification Authority (CA), and provides steps to resolve the issue. (PDF Download) Date: 04/24/2013 | Size: 237 KB
This FAQ discusses the enforcement of a password on the domain controller private key causing smart card logon errors. (PDF Download) Date: 07/31/2012 | Size: 158 KB
FAQ: Smart Card Logon Fails Due to Certificates Missing from the NTAuth Store *PKI
This FAQ discusses an issue with the disablement of Windows Task Scheduler preventing proper certificate replication to the NTAuth store, causing smart card logon failure. (PDF Download) Date: 04/30/2012 | Size: 159 KB
This FAQ discusses common causes for logon issues with new CACs. Smart card logon typically fails with the message "Your credentials could not be verified." (PDF Download) Date: 07/31/2012 | Size: 170 KB
 

 Tools

 
Description
90meter Smart Card Manager
DoD personnel who use up-to-date DoD-approved 90meter Smart Card Manager products on DoD networks must have a valid licensing agreement with 90meter. Due to licensing agreements, DoD cannot provide 90meter Smart Card Manager version 1.4.32S on the IASE website. Users may acquire DoD-approved 90meter products directly from sales1@90meter.com.
BlackBerry Expired OCSP Certificate Remover *PKI
This tool removes expired OCSP signing certificates from BlackBerry devices to prevent digital signature and encryption problems. (ZIP Download) Size: 66 KB
BlackBerry: Running the BlackBerry Expired OCSP Certificate Remover *PKI
This document provides DoD BlackBerry users step-by-step instructions for using the BlackBerry Expired OCSP Certificate Remover to correct a known error in validating email signatures and sending encrypted email. (PDF Download) Date: 1/2013 | Size: 385 KB
This guide provides installation and usage instructions for the DoD PKE CertAdmin tool. (PDF Download) Date: 05/20/2009 | Size: 826 KB
This tool gives administrators several methods for detecting and managing user certificates published to the Microsoft Exchange GAL that are nearing expiration or have already expired. (ZIP Download) Size: 5.6 MB
CRLAutoCache 4.2: System Administrator Guide *PKI
This guide provides installation and configuration instructions for the DoD PKE CRLAutoCache tool. (PDF Download) Date: 04/19/2016 | Size: 1,713 KB
CRLAutoCache 4.2: Windows Installers *PKI
This tool provides administrators with a flexible solution to create local enclave CRL caches by downloading and publishing CRLs to local LDAP directory servers, web servers, and network file shares. The following Operating Systems are supported (both 32- and 64-bit): Windows XP, Windows Vista, Windows 7, Windows 8.x, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
CRLAutoCache for Linux 2.05 - SIPRNet *PKI
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The SIPRNet version of the tool retrieves the NSS PKI and legacy DoD SIPRNet PKI CRLs by default. (Downloads available on SIPRNet Only - URL http://iase.rel.disa.smil.mil/pki-pke/function_pages/tools.html)
CRLAutoCache for Linux 2.06 - NIPRNet *PKI
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The NIPRNet version of the tool retrieves the DoD PKI NIPRNet CRLs by default. (TAR.GZ Download).
Date: March 2 2018. Size: 10 KB
SHA256 Hash of the file is be852ce21bf8b47df6c10d101d1bc89b62cfa44bf786e185151d67eaaae7d229
CRLAutoCache for Linux User Guide *PKI
This guide provides installation and usage instructions for both the NIPRNet and SIPRNet versions of CRLAutoCache for Linux. (PDF Download) Date: 01/03/2018 | Size: 583 KB
1 - 10Next
 

 Web Servers

 
Description
This guide provides instructions for PK-enabling Apache HTTP server on Linux using both NSS/mod_nss and OpenSSL/mod_ssl on both NIPRNet and SIPRNet. (PDF Download) Date: 07/09/2015 | Size: 847 KB
This guide provides instructions for PK-enabling Apache 2.4 HTTP server on Linux using both NSS/mod_nss and OpenSSL/mod_ssl on both NIPRNet and SIPRNet. (PDF Download) Date: 07/09/2015 | Size: 980 KB
Generating a Server Certificate Request using OpenSSL *PKI
 
This guide provides instructions for using openssl to generate a private key and server certificate request, then uploading the server certificate request to a DoD Certification Authority (CA) for signing. (PDF Download) Date: 05/04/2015 | Size: 486 KB
Generating a Server Certificate Using Network Security Services (NSS) *PKI
The purpose of this reference document is to provide guidance on obtaining a DoD/SIPR NSS PKI server certificate for use on a DoD NIPRNet or SIPRNet server using the Network Security Services (NSS) toolset. (PDF Download) Date: 06/12/2015 | Size: 411 KB
Java Keystore: Obtaining a DoD PKI Certificate *PKI
This guide provides instructions for obtaining a DoD or NSS PKI certificate for use with Java-based servers and applications (e.g. Apache Tomcat, Oracle WebLogic, IBM Websphere) that rely on Java keystores for certificate management. (PDF Download) Date: 06/30/2015 | Size: 535 KB
Microsoft Internet Information Services (IIS) 6.0: Public Key Enabling *PKI
This guide provides instructions for PK-enabling Microsoft IIS 6.0 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 875 KB
This guide provides instructions for PK-enabling Microsoft IIS 7.0/7.5 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 854 KB
This guide provides instructions for PK-enabling Microsoft IIS 8.0 on both NIPRNet and SIPRNet. (PDF Download) Date: 08/11/2014 | Size: 881 KB
 
This guide provides instructions for obtaining a PKI certificate for a unclassified or secret DoD server, including submitting a certificate signing request, requesting approval from your organization's Registration Authority (RA), and retrieving the issued certificate. (PDF Download) Date: 09/27/2017​ | Size: 622 KB
Oracle Weblogic Server: Public Key Enabling
The purpose of this reference guide is to provide guidance to the DoD user community on the process to secure and Secure Socket Layer (SSL)/Transport Layer Security (TLS)-enable an Oracle Weblogic server. (PDF Download) Date: 03/04/2015 | Size: 399 KB
This FAQ discusses steps for secure handling of P12/PFX files. (PDF Download) Date: 10/12/2012 | Size: 266 KB
This slick sheet provides an overview of the Trust Anchor Constraints Tool (TACT). TACT is a set of web server plug-ins and management applications that facilitates interoperability, enhances security and enables DoDI 8520.02 and 8520.03 compliance for web servers using TLS to authenticate DoD and DoD-approved external partners. (PDF Download) Date: 08/15/2012 | Size: 312 KB
PKI-PKE