A Public Key Infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates, which are used to verify the identity of a server or a user. A Certificate Authority (CA) is the starting point for a chain of trust to the server or user. Authenticated and encrypted communications between two parties are only possible when both parties trust a common Certificate Authority (CA).
Some of our public webservers use commercial certificates from Certum and Comodo and their reseller SSL.com. Accessing these websites generally requires no action, since Comodo has arranged for its certificates to be pre-installed in operating systems, applications, and many commercial products such as appliances. If you run into problems accessing any of these systems, such as from a customer location, you may need to install the SSL.com, Certum, and Comodo root certificate authorities.
Like DoD and other defense contractors, BCT maintains a private certificate authority integrated with our Active Directory system. Certificates are used for servers, network devices, and users. To avoid a certificate error when accessing selected company systems and sites, you must install our private Root Certificates.
We also use systems provided by Ashton-Group Services, LLC. They also use their own corporate Root Certificate.
BCT users can self-enroll for a BCT LLC user certificate for use in authentication, digital signing, or encryption. Certificates are integrated with your Active Directory account.
Many DoD websites require DoD PKI for access. To satisfy these requirements, we can purchase DoD user identity and encryption certificates from ORC (WidePoint), which is accredited as an External Certificate Authority (ECA).
For most websites, a software certificate will be sufficient. These are called "Medium Assurance Identity/Encryption Certificates" and are stored in your user profile on your workstation.
Some websites require a hardware token such as a CAC card or a thumb drive for additional assurance. Your certificates are stored on this physical token rather than on your workstation.
To avoid a certificate error accessing secure DoD web sites, you must install the DoD Root Certificates. DoD operates its own certificate system to avoid the exposures from commercially purchased certificates. Follow these instructions and links to download and install the DoD Root Certificate Authorities.
DISA's InstallRoot is a utility that installs and manages all of the DoD and ECA root and intermediate certificate authority certificates in the trust stores on Microsoft Windows servers and workstations.
This DISA archive contains all of the DoD Root certificate authorities. This archive can be used as an alternative to the InstallRoot application.
This DISA archive contains all of the ECA Root certificate authorities. This archive can be used as an alternative to the InstallRoot application.
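When roots are installed by hand from one of these archives instead of with InstallRoot, each certificate's fingerprint can be checked before it is trusted. The following is an added example, not DISA's or BCT's own tooling; the function name `Install-VerifiedRoot`, the file path, and the fingerprint value are placeholders, and the expected fingerprints are assumed to come from a separate trusted channel.

```powershell
# Added example: install only root certificates whose SHA-256 fingerprint
# matches a value obtained out of band. Run from an elevated prompt.
function Install-VerifiedRoot {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $BundlePath,      # .cer or .p7b extracted from the archive
        [Parameter(Mandatory)] [string[]] $ExpectedSha256   # fingerprints from a trusted channel
    )
    # Normalise the expected fingerprints: strip separators, upper-case.
    $expected = $ExpectedSha256 | ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpper() }

    # Load every certificate in the file (a .p7b may hold several).
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certs.Import((Resolve-Path $BundlePath).Path)

    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        foreach ($cert in $certs) {
            $fp = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
            if ($cert.Subject -ne $cert.Issuer) {
                # Name comparison only: intermediates do not belong in the Root store.
                $status = 'Skipped: not a root (subject differs from issuer)'
            } elseif ($expected -notcontains $fp) {
                $status = 'Rejected: fingerprint not in expected list'
            } elseif ($store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false).Count -gt 0) {
                $status = 'Already trusted'
            } else {
                $store.Add($cert)
                $status = 'Installed'
            }
            [pscustomobject]@{ Subject = $cert.Subject; Sha256 = $fp; NotAfter = $cert.NotAfter; Status = $status }
        }
    } finally {
        $store.Close()
        $sha.Dispose()
    }
}

# Usage (placeholder values; substitute the real file and fingerprint):
# Install-VerifiedRoot -BundlePath '.\<extracted-root-file>.p7b' `
#     -ExpectedSha256 '<SHA-256 fingerprint published by the CA>'
```

Any certificate reported as rejected should be treated as untrusted until its fingerprint has been confirmed with the issuing authority.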
For questions or problems with the DoD website please contact the DISA OKC OST at 1-800-490-1643 or by email at firstname.lastname@example.org.