PKI and PKE Tools

*PKI = DoD PKI Certificate Required
 

 Domain Management

 
Description
The DoD PKE Password Hash Refresh script can be used to periodically change passwords (and by extension, their associated hashes) for smart card-enforced accounts within specific OU containers and Groups in Microsoft Active Directory (AD). (ZIP Download) Size: 2 KB
This guide provides step-by-step instructions for using the DoD PKE Password Hash Refresh script to periodically change passwords (and by extension, their associated hashes) for smart card enforced accounts. (PDF Download) Date: 02/11/2014 | Size: 686 KB
Smart Card Logon (SCL) Troubleshooting Tool 1.0 *PKI
The SCL Troubleshooting Tool is designed to identify and diagnose SCL problems that are present on an Active Directory domain controller. The following operating systems are supported: Windows Server 2008, 2008 R2, 2012, and 2012 R2. (MSI Download) Date: 02/26/2016 | Size: 14,161 KB
Smart Card Logon (SCL) Troubleshooting Tool 1.0 User Guide *PKI
This guide provides usage instructions for the Smart Card Logon (SCL) Troubleshooting Tool. (PDF Download) Date: 02/26/2016 | Size: 605 KB
 

 Certificate Tools

 
Description
90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version *Downloads available on SIPRNet URL Only
This zip file contains software and documentation for 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version, including full install and upgrade files, an upgrade README, administration guide, release notes, and ADM/ADMX templates for policy settings. (Downloads available on SIPRNet URL http://iase.rel.disa.smil.mil/pki-pke/landing_pages/rlts.html)
90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version Release Notes *PKI
These release notes detail new product features and changes for this release of 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version. (PDF Download) Date: 10/31/2014 | Size: 572
This guide provides administration and configuration instructions for 90meter Certificate Issuance Workstation (CIW) 1.0.17 RA Version. (PDF Download) Date: 10/31/2014 | Size: 2,264 KB
Domain Controller Certificate Request Generation
 
This script can be used to generate domain controller certificate requests. The script generates a PKCS10 request and displays the domain controller GUID information.
  • NIPR Download *PKI - (ZIP Download) Size: 11 KB
  • SIPR Download *Downloads available on SIPRNet URL Only - (ZIP Download) Size: 9 KB
    (Download available on SIPRNet URL http://iase.rel.disa.smil.mil/pki-pke/landing_pages/siprnet_pki.html)
 

 Certificate Validation

 
Description
PKI Interoperability Test Tool (PITT): 2.0.6 Linux Installer *PKI
The PKI Interoperability Test Tool version 2 (PITTv2) is a utility intended to assist with evaluating interoperability alternatives to establish trust with prospective partner PKIs and to troubleshoot certification path processing problems. The following operating systems are supported: Red Hat Enterprise Linux 5.x and 6.x.
PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT. (PDF Download) Date: 09/02/2015 | Size: 1,928 KB
PKI Interoperability Test Tool (PITT): 2.0.6 Windows Installer *PKI
The PKI Interoperability Test Tool version 2 (PITTv2) is a utility intended to assist with evaluating interoperability alternatives to establish trust with prospective partner PKIs and to troubleshoot certification path processing problems. The following operating systems are supported: Windows Server 2003, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows 7 and Windows 8.
Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT. (PDF Download) Date: 09/02/2015 | Size: 785 KB
Trust Anchor Constraints Tool (TACT): 1.2.6 Linux Installer *PKI
 
This installer provides a web server plug-in and management applications to enable Apache 2.2 and 2.4 to authenticate DoD and DoD-approved external partner certificates with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Red Hat Enterprise Linux 5.x and 6.x.
Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT. (PDF Download) Date: 09/02/2015 | Size: 2,313 KB
Trust Anchor Constraints Tool (TACT): 1.2.6 Windows Installer *PKI
This installer provides a web server plug-in and management applications to enable IIS 6, 7, and 8, and Apache 2.2 and 2.4 (on selected platforms) to authenticate DoD and DoD-approved external partners with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows 7 and Windows 8.
 

 Email

 
Description
This guide provides installation and usage instructions for the DoD PKE CertAdmin tool. (PDF Download) Date: 05/20/2009 | Size: 826 KB
This tool gives administrators several methods for detecting and managing user certificates published to the Microsoft Exchange GAL that are nearing expiration or have already expired. (ZIP Download) Size: 5.6 MB
This guide provides installation and usage instructions for the DoD PKE MailCrypt tool. (PDF Download) Date: 07/13/2016 | Size: 1,072 KB
MailCrypt 3.1 Windows Installers *PKI
This tool performs bulk decryption and re-encryption of Microsoft Outlook message stores, giving users the ability to update old encrypted email to be accessible using a new CAC. The following operating systems are supported: Windows Vista, 7, and 8.x. 64-bit support requires a 64-bit version of Microsoft Office. If you are running a 64-bit version of Windows with a 32-bit installation of Microsoft Office, the 32-bit installer is required; otherwise, please select the installer that matches your Windows installation.
 

 Middleware

 
Description
90meter Smart Card Manager
DoD personnel who use up-to-date DoD-approved 90meter Smart Card Manager products on DoD networks must have a valid licensing agreement with 90meter. Due to licensing agreements, DoD cannot provide 90meter Smart Card Manager version 1.4.32S on the IASE website. Users may acquire DoD-approved 90meter products directly from sales1@90meter.com.
 

 Mobile Devices

 
Description
BlackBerry Expired OCSP Certificate Remover *PKI
This tool removes expired OCSP signing certificates from BlackBerry devices to prevent digital signature and encryption problems. (ZIP Download) Size: 66 KB
BlackBerry: Running the BlackBerry Expired OCSP Certificate Remover *PKI
This document provides DoD BlackBerry users step-by-step instructions for using the BlackBerry Expired OCSP Certificate Remover to correct a known error in validating email signatures and sending encrypted email. (PDF Download) Date: 1/2013 | Size: 385 KB
 

 Trust Store

 
Description
InstallRoot 5.2: NIPR Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
InstallRoot 5.2: SIPR Windows Installer *Downloads available on SIPRNet URL Only
This tool allows users to install the National Security Systems (NSS) PKI root, intermediate and subordinate CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.2 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows XP, Vista, Windows 7, Windows 8 and 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. This version should only be run on machines connected to Secret networks, and is only available from the DoD PKE SIPRNET site.
InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool. (PDF Download) Date: 11/20/2017 | Size: 2.6 MB
This script facilitates population of trusted Certification Authority (CA) certificates in an NSS database on Linux operating systems. The script extracts all certificates from a specified PKCS#7 file, converts them to PEM format as necessary, then loads them into a specified NSS database. (ZIP Download) Size: 2 KB
This guide provides installation and usage instructions for the NSSdb CertLoader script for Linux environments. (PDF Download) Date: 07/09/2015 | Size: 333 KB
This script facilitates population of trusted Certification Authority (CA) certificates in an NSS database on Windows operating systems. The script extracts all certificates from a specified PKCS#7 file, converts them to PEM format as necessary, then loads them into a specified NSS database. (ZIP Download) Size: 2 KB
This guide provides installation and usage instructions for the NSSdb CertLoader script for Windows environments. (PDF Download) Date: 07/09/2015 | Size: 331 KB
PKI CA Certificate Bundles: PKCS#7
These zip files contain three PKCS#7 files that contain all the Certification Authority (CA) certificates for the specified PKI in different formats. One PKCS#7 file contains the certificates in DER format, another in PEM, and the last also in PEM but with a signature applied to the PKCS#7 file. Instructions for verifying the integrity of all three files using OpenSSL are included in the README.