Unclassified
Interoperability Downloads Description
The Interoperability Downloads section that follows has the latest certificate trust chains, a master document that contains trust chain and assurance level information, the DoD External Interoperability Plan, and other important information.
 
Unclassified
Interoperability Tools Description
DoD PKE offers the following tools to facilitate acceptance of DoD Approved External PKI credentials in accordance with DoD policy.
 
Unclassified/FOUO
Axway Desktop Validator 4.12 Workstation and Server Configuration *PKI
 
This guide provides instructions for configuring Axway Desktop Validator 4.12 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The configuration files below have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway configuration guide.
 
Unclassified
CRLAutoCache 4.2: System Administrator Guide *PKI
This guide provides installation and configuration instructions for the DoD PKE CRLAutoCache tool. (PDF Download) Date: 04/19/2016 | Size: 1,713 KB
 
Unclassified
CRLAutoCache 4.2: Windows Installers *PKI
 
This tool provides administrators with a flexible solution to create local enclave CRL caches by downloading and publishing CRLs to local LDAP directory servers, web servers, and network file shares. The following Operating Systems are supported (both 32- and 64-bit): Windows XP, Windows Vista, Windows 7, Windows 8.x, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
 
Unclassified
 
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The NIPRNet version of the tool retrieves the DoD PKI NIPRNet CRLs by default. (TAR.GZ Download) Size: 10 KB SHA256 Hash of the TAR.GZ is a44d328b66a055f22ce4dd022320345c8afbc89256c24eb09c9c7a8efc0bdf40.
 
Unclassified
CRLAutoCache for Linux 2.05 - SIPRNet *PKI
The CRLAutoCache for Linux utility provides the capability to download DoD and other certificate revocation lists (CRLs) to a local cache on a Linux machine. The tool also has the ability to process downloaded CRLs for use with OpenSSL-based products, such as Apache web server configured with mod_ssl, and Mozilla Network Security Services (NSS). CRLAutoCache for Linux can be scheduled to periodically download CRLs to a local cache automatically. The SIPRNet version of the tool retrieves the NSS PKI and legacy DoD SIPRNet PKI CRLs by default. (Downloads available on SIPRNet Only - URL http://iase.rel.disa.smil.mil/pki-pke/function_pages/tools.html)
 
Unclassified
CRLAutoCache for Linux User Guide *PKI
This guide provides installation and usage instructions for both the NIPRNet and SIPRNet versions of CRLAutoCache for Linux. (PDF Download) Date: 06/03/2014 | Size: 546 KB
 
Unclassified
Department of Defense External Interoperability Plan - Version 1.0
 
The DoD Public Key Infrastructure (PKI) External Interoperability Plan (EIP) outlines the steps to be accomplished in order for External PKIs to be designated as approved for use with DoD relying parties. (PDF Download) Date: 08/20/2010 | Size: 1,984 KB
 
Unclassified
DoD and ECA CRL Distribution Points (CRLDPs)
 
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates. (TXT Download) Date: 08/29/2018 | Size: 3 KB
 
Unclassified
DoD Approved Assurance Levels from External Partner PKIs *PKI
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs), which are asserted in the Certificate Policies X.509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs). (TXT Download) Date: 09/17/2018 | Size: 12 KB
 
Unclassified
DoD Approved External CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD approved CRLDPs from approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates. (TXT Download) Date: 03/05/2018 | Size: 6 KB
 
Unclassified
DoD Approved External OCSP URLs
This file provides a listing of all DoD approved On-line Certificate Status Protocol (OCSP) URLs from approved partner OCSP responders. OCSP responders are represented by HTTP URLs that are asserted in the Authority Information Access certificate extension. OCSP validation is one of the mechanisms used by DoD relying party applications to validate certificates. (TXT Download) Date: 07/27/2018 | Size: 3 KB
 
Unclassified
DoD Approved External PKI Certificate Trust Chains - Version 6.4 *PKI
This zip file contains certificate trust chains for DoD Approved External PKIs. (ZIP Download) Date: 09/17/2018 | Size: 243 KB
 
Unclassified
DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.4 *PKI
This zip file contains certificate trust chains for DoD Approved External Category 1 PKIs (Federal Agencies). (ZIP Download) Date: 09/17/2018 | Size: 58 KB
 
Unclassified
DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.7 *PKI
This zip file contains certificate trust chains for DoD Approved External Category 2 PKIs (Non Federal Issuers). (ZIP Download) Date: 09/17/2018 | Size: 81 KB
 
Unclassified
DoD Approved External PKIs Master Document - Version 6.3
 
This document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs). (PDF Download) Date: 03/05/2018 | Size: 1,598 KB
 
Unclassified
DoD Memorandum - Department of Defense Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials
This DoD Memorandum permits acceptance of PIV-I credentials for authentication and access when DoD relying parties, installation commanders, and facility coordinators determine that granting access is appropriate and the appropriate vetting requirements are met. (PDF Download) Date: 06/28/2012 | Size: 663 KB
 
Unclassified
DoD Memorandum - Department of Defense Requirements for Accepting Non-Federally Issued Identity Credentials
This DoD Memorandum provides Federal Government Guidance on acceptance and use of Non-Federal Issuer (NFI) identity credentials and specific DoD policies and practices for accepting credentials for logical access to DoD applications and websites. (PDF Download) Date: 03/04/2013 | Size: 2,465 KB
 
Unclassified
DoD Partner PKI Interoperability Test Plan - Version 2.0 *PKI
In addition to the requirements specified in the aforementioned documents, each intended external PKI must be tested and evaluated by JITC to prove it is technically interoperable prior to approval for use in DoD. This document provides the guidance and steps necessary to conduct Public Key Enabled interoperability testing of external partner Public Key Infrastructures (PKIs) with which the DoD desires to interoperate. This document focuses on usage of both the direct trust model and the cross certification trust model as the means of achieving interoperability. Results of all JITC Partner PKI testing are available on the JITC DoD PKI Interagency/Partner Interoperable Testing page at http://jitc.fhu.disa.mil/pki/pke_lab/partner_pki_testing/partner_pki_status.html (link). IDManagement.gov provides a one-stop shop for citizens, businesses, and government entities interested in identity management activities, including topics related to Homeland Security Presidential Directive 12 (HSPD-12); Federal Public Key Infrastructure (FPKI); Identity, Credential, and Access Management (ICAM); and Acquisitions. http://www.idmanagement.gov/ (link) (PDF Download) Date: 11/15/2010 | Size: 1,640 KB
 
Unclassified
DoD-ECA Cross Certificates (Reference Purposes) *PKI
This zip file contains cross certificates for DoD and ECA for reference purposes. (ZIP Download) Date: 9/4/2018 | Size: 27 KB
 
Unclassified
OMB Memorandum 11-11, Continued Implementation of HSPD-12
OMB M-11-11 requires that all federal agencies continue implementing the requirements outlined in Homeland Security Presidential Directive (HSPD) 12 to enable agency-wide use of the Personal Identity Verification (PIV) card. This includes enabling agency IT systems, applications, and facilities to be capable of using the PIV card as the mechanism for granting user access. OMB M-11-11, Continued Implementation of HSPD-12 (Download Link)
 
Unclassified
PKI Interoperability Application Testing Methodology and Test Report - Version 1.2 *PKI
The PKI Interoperability Application Testing Methodology and Test Report provides results for common DoD applications and their ability to support cross certificate trust by building and validating certification paths through a bridge such as the Federal Bridge Certificate Authority (FBCA). (PDF Download) Date: 07/11/2010 | Size: 653 KB
 
Unclassified
The DoD PKI External Interoperability Landscape - Version 5.5
This diagram provides an overview of the Federal PKI Interoperability Landscape and illustrates the cross certificate trust relationships between DoD PKI and External PKIs. (PDF Download) Date: 09/06/2016 | Size: 748 KB
 
Unclassified
Trust Anchor Constraints Tool (TACT): 1.2.2 Installation Instructions
This guide provides installation instructions for TACT. (PDF Download) Date: 06/16/2014 | Size: 625 KB
 
Unclassified
Trust Anchor Constraints Tool (TACT): 1.2.2 User Guide
This guide provides usage instructions for TACT. (PDF Download) Date: 06/16/2014 | Size: 2,554 KB
 
Unclassified/FOUO
Trust Anchor Constraints Tool (TACT): 1.2.6 Linux Installer *PKI
 
This installer provides a web server plug-in and management applications to enable Apache 2.2 and 2.4 to authenticate DoD and DoD-approved external partner certificates with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Red Hat Enterprise Linux 5.x and 6.x.
 
Unclassified/FOUO
Trust Anchor Constraints Tool (TACT): 1.2.6 Windows Installer *PKI
 
This installer provides a web server plug-in and management applications to enable IIS 6, 7, and 8, and Apache 2.2 and 2.4 (on selected platforms) to authenticate DoD and DoD-approved external partners with fewer client-side interoperability issues and with enhanced security. TACT allows administrators to configure the web server to enforce additional PKI constraints during the authentication process. The following operating systems are supported: Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows 7 and Windows 8.
 
Unclassified/FOUO
Tumbleweed Desktop Validator 4.10/4.11 Workstation and Server Configuration
 
This guide provides instructions for configuring Tumbleweed Desktop Validator 4.10 according to DoD best practices. Configuration files for DoD, ECA, DoD Approved External CAs, and NSS and SIPRNET Legacy CAs are also available as separate downloads. The configuration files below have been prepared by the DoD PKE team to support high-volume servers operating in NIPRNet or SIPRNet environments. These files are intended for servers only. For workstation configuration information, please review the guidance in the Axway/Tumbleweed configuration guide.
 
Unclassified
Working with External PKIs - Version 5.5
This slick sheet provides an overview of the Federal PKI/Federal Bridge and discusses the usage of External PKIs within the DoD. (PDF Download) Date: 06/09/2016 | Size: 376 KB