Tools

  Title Size Updated
  PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.10 PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.10
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
68.27 KB 2020 11 19
  FBCA Cross-Certificate Remover 1.18 FBCA Cross-Certificate Remover 1.18
This tool removes certificates which cause the cross-certificate chaining issue for DoD (and optionally ECA) users from Microsoft Local Computer and User Certificate stores. The following Operating Systems are supported: Windows Server 2003, Windows Server 2003R2, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10.
38.95 KB 2019 10 24
  InstallRoot 5.5 NIPR 64-bit Windows Installer InstallRoot 5.5 NIPR 64-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
28.62 MB 2019 10 24
  InstallRoot 5.5 NIPR Non-Administrator 32-bit Windows Installer InstallRoot 5.5 NIPR Non-Administrator 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
27.73 MB 2019 10 24
  InstallRoot 5.5 NIPR 32-bit Windows Installer InstallRoot 5.5 NIPR 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
27.98 MB 2019 10 24
  Editing CRLAutoCache Source Locations Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
326.54 KB 2019 08 23
  DoD PKE Tool Configuration File URLs Crosswalk DoD PKE Tool Configuration File URLs Crosswalk
This spreadsheet lists the former IASE and corresponding current GDS locations for configuration files utilized by the DoD PKE InstallRoot and CRLAutoCache tools.
16.84 KB 2019 08 20
  Editing Certificate Group Locations for InstallRoot via the GUI Editing Certificate Group Locations for InstallRoot via the GUI
This Quick Reference Guide (QRG) describes how to edit the default InstallRoot certificate group locations using the InstallRoot graphical user interface (GUI).
243.26 KB 2019 08 20
  Editing CRLAutoCache Source Locations Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
326.54 KB 2019 08 20
  PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5 PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
32.53 KB 2019 06 27
  PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
83.99 KB 2019 05 09
  PKI CA Certificate Bundles: PKCS#7 For JITC PKI Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 For JITC PKI Only - Version 5.6
This zip file contains the Joint Interoperability Test Command (JITC) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
124.76 KB 2019 05 09
Mac OS Smartcard Services Installers Mac OS Smartcard Services Installers
2019 02 27
Mac OS Smartcard Services Installers Mac OS Smartcard Services Installers
2019 02 24
Registry Enrollment and Certificate Issuance Protocol Tool (RECEIPT) Registry Enrollment and Certificate Issuance Protocol Tool (RECEIPT)
2019 02 24
Purebred Registration App Version History Purebred Registration App Version History
2019 02 21
KeyShare Reference for iOS KeyShare Reference for iOS
2019 02 21
  Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT.
2.26 MB 2018 11 30
  Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT.
784.07 KB 2018 11 30
  InstallRoot 5.2: User Guide InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool.
2.56 MB 2018 11 30
  PKI Interoperability Test Tool (PITT): 2.0.6 User Guide PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT.
1.88 MB 2018 11 30
  FBCA Cross-Certificate Remover 1.15 User Guide FBCA Cross-Certificate Remover 1.15 User Guide
This guide provides usage instructions for the FBCA Cross-Certificate Remover tool.
234.46 KB 2018 11 30

Configuration Files

  Title Size Updated
  PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.10 PKI CA Certificate Bundles: PKCS#7 for DoD WCF B&I Only - Version 5.10
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
68.27 KB 2020 11 19
  DoD Approved External CRL Distribution Points (CRLDPs) DoD Approved External CRL Distribution Points (CRLDPs)
This file provides a listing of CRLDPs from DoD approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
5.42 KB 2019 10 17
  DoD Approved External OCSP URLs DoD Approved External OCSP URLs
This file provides a listing of all On-line Certificate Status Protocol (OCSP) URLs from DoD approved partner PKI OCSP responders. OCSP responders are represented by HTTP URLs that are asserted in the Authority Information Access certificate extension. OCSP validation is one of the mechanisms used by DoD relying party applications to validate certificates.
2.1 KB 2019 10 17
  DoD Approved Assurance Levels from External Partner PKIs DoD Approved Assurance Levels from External Partner PKIs
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs).
11.75 KB 2019 10 17
  DoD Approved External PKI Certificate Trust Chains - Version 7.3 DoD Approved External PKI Certificate Trust Chains - Version 7.3
This zip file contains certificate trust chains for DoD Approved External PKIs. Version 7.3 adds a rekeyed Treasury PKI root and new NASA issuance chain and removes several expired CAs. Cumulative updates since version 6.5 include new infrastructure for DoT under Symantec SSP PKI, a rekeyed HHS issuing CA under Entrust SSP, a new SHA-256 issuance chain for Boeing PKI, a rekeyed Entrust NFI issuance chain, and a new VA issuing CA under Verizon Business SSP. – August 27, 2019
246.63 KB 2019 10 17
  DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.7 DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.7
This zip file contains certificate trust chains for DoD Approved External Category 1 PKIs (Federal Agencies).
68.93 KB 2019 10 17
  DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.9 DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.9
This zip file contains certificate trust chains for DoD Approved External Category 2 PKIs (Non Federal Issuers).
75.59 KB 2019 10 17
  DoD and ECA CRL Distribution Points (CRLDPs) DoD and ECA CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
3.03 KB 2019 06 27
  PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5 PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.5
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
32.53 KB 2019 06 27
WCF.reg WCF.reg
1.29 KB 2019 05 13
  PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6 PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
83.99 KB 2019 05 09
DoD and ECA Cross Certificates DoD and ECA Cross Certificates
10.46 KB 2019 02 26