Category III: Foreign, Allied, or Coalition Partner PKIs or other PKIs

Foreign, Allied, or Coalition Partner PKIs or other PKIs are categorized in the DoD External Interoperab​ility Plan as Category III PKIs. In addition to the technical requirements, Category III PKIs must sign a Cross Certification Agreement (CCA) and must be sponsored by a DoD relying party. With respect to Combined Communications-Electronics Board (CCEB), the CCA will comply with Allied Communications Publication (ACP) 185 which is the framework for PKI Interoperability between CCEB partner nations. The Australian Defence Organisation (ADO) PKI provides PKI credentials to military and civilian personnel. Subscribers include any individual that has been approved as having a requirement to be authenticated as affiliated with ADO. Subscribers include:

  • Defence personnel (permanent and reserve members of the Australian Defence Force (ADF), and Australian Public Service (APS) employees)
  • Members of the ADF Cadets
  • Contractors, Consultants and Professional Service Providers (individuals)
  • Other individuals approved by ADO as having a requirement for an ADO Certificate.
  • Secure Communications Resource Certificates are only issued to non-person entities (NPE), not individuals.

For CCEB PKIs, cross-certificate trust is the DoD recommended trust model for PKI validation. Unless applications specifically prevent cross-certificates, Direct Trust should not be used since relying party systems may inadvertently inherit trust from unapproved PKIs that are cross certified with ADO. To trust the ADO PKI via cross certificate trust, install the US DoD CCEB Interoperability Root CA 2 trust anchor on your public key enabled system. For systems that do not support dynamic certificate path building, it is necessary to install the entire cross-certificate chain. The Direct Trust chain is provided but should only be used on systems incapable of processing cross certificates. Any direct trust implementations must also use the Trust Anchor Constraints Tool (TACT) or implement another OID and name constraint filtering mechanism to prevent acceptance of certificates from unapproved PKIs and/or assurance levels.

See the DoD PKI External Interoperability FAQ for more information on DoD approved partner PKI credentials.

Australian Defence Organisation (ADO)

Current Certification Authorities (CAs) DetailsSee Section 4.4.1 of DoD Approved External PKIs Master Document
Current CA CertificatesSee Australian_Defence_Organisation folder in DoD Approved External PKI Certificate Trust Chains zip
Approved Certificate Assurance Levels*See Section 5.24 of DoD Approved External PKIs Master Document
Certificate Revocation List (CRL) Distribution Points**See Australian Defence Organisation section of DoD Approved External CRL Distribution Points (CRLDPs)
Online Certificate Status Protocol (OCSP) Responder URL(s)**See Australian Defence Organisation section of DoD Approved External OCSP URLs
Performs CA Rekeys?No

*As represented by OIDs listed in the Certificate Policies extension of the partner certificate; a certificate must assert at least one approved assurance level to be acceptable for use.

**Note:  These lists are developed and maintained by DoD PKE based on CRLDP and AIA OCSP values asserted in sample certificates provided to DoD by the partner PKI for testing; they are provided for ease of reference and may not be exhaustive in all cases.  Any CRL URL asserted in a CRLDP extension or OCSP URL asserted in an AIA extension of an approved certificate is approved for use by DoD relying parties.

  Title Size Updated
DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.20 DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.20
6.2 KB 2024 08 21
DoD Approved External OCSP URLs - Version 1.18 DoD Approved External OCSP URLs - Version 1.18
3.23 KB 2024 08 21
DoD Approved External PKIs Types 5 & 6 Certificate Trust Chains (Foreign, Allied, Coalition Partner and Other PKIs) - Version 1.4 DoD Approved External PKIs Types 5 & 6 Certificate Trust Chains (Foreign, Allied, Coalition Partner and Other PKIs) - Version 1.4
26.84 KB 2024 08 21
DoD Approved External PKIs Types 3 & 4 Certificate Trust Chains (Non Federal Issuers) - Version 1.17 DoD Approved External PKIs Types 3 & 4 Certificate Trust Chains (Non Federal Issuers) - Version 1.17
81.03 KB 2024 08 21
DoD Approved External PKIs Types 1 & 2 Certificate Trust Chains (Federal Agencies) - Version 1.12 DoD Approved External PKIs Types 1 & 2 Certificate Trust Chains (Federal Agencies) - Version 1.12
65.95 KB 2024 08 21
  DoD Approved External PKIs Master Document - Version 11.1 DoD Approved External PKIs Master Document - Version 11.1
This document provides Certification Authority (CA) certificate trust chain and assurance level information for all Department of Defense (DoD) approved Public Key Infrastructures (PKIs).
1.1 MB 2024 08 21
  DoD Approved External PKI Certificate Trust Chains - Version 11.1 DoD Approved External PKI Certificate Trust Chains - Version 11.1
This zip file contains certificate trust chains for DoD Approved External PKIs.
242.49 KB 2024 08 21
DoD Approved Assurance Levels from External Partner PKIs - Version 1.16 DoD Approved Assurance Levels from External Partner PKIs - Version 1.16
12.1 KB 2023 09 27