Skip Ribbon Commands Skip to main content

PKI and PKE Announcements

Announcements
Stay compliant with the Windows OS STIG rules

To ensure that users do not experience denial of service when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2 and DoD Root CA 3, the Windows OS STIG requires that all cross certs issued from DoD's Interoperability and CCEB Interoperability Root CAs to DoD Root CA 2 and DoD Root CA 3 be installed in the Untrusted Certificate Store. This can be accomplished by running the FBCA cross-certificate removal tool FBCA cross-certificate removal tool which automatically installs the cross certificate into the Untrusted Certificate Store. Alternatively, the cross-certificate can be obtained here and installed manually.
​​
InstallRoot 5 is now available!

New features in InstallRoot 5 include support for network proxies and Java trust stores, as well as a new certificate cleanup feature and multiple trust store configuration options.

InstallRoot allows users to install CA certificates for DoD PKIs into their Windows and Firefox certificate stores. InstallRoot 5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows XP, Windows Vista, Windows 7, Windows 8 and 8.1, Windows 10, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

DoD PKI SHA-256 CAs have been released. Enrollment pages for these CAs are available at:

https://ee-id-sw-ca-37.csd.disa.mil
https://ee-id-sw-ca-38.csd.disa.mil

To find your RA Operations office or your CC/S/A PKI help desk, please visit our Contact Us page. For further assistance, contact the DOD PKE help desk at dodpke@mail.mil
Our email address has changed!

The DoD PKE team's email address has recently changed due to the migration to Defense Enterprise Email. Our new email address is dodpke@mail.mil.
PKI-PKE