Tools

  Title Size Updated
  PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14 PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
68.11 KB 2023 03 02
  PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9 PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
36.62 KB 2023 03 02
  PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11 PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
97.27 KB 2023 03 02
  FBCA Cross-Certificate Remover 1.18 FBCA Cross-Certificate Remover 1.18
This tool removes certificates which cause the cross-certificate chaining issue for DoD (and optionally ECA) users from Microsoft Local Computer and User Certificate stores. The following Operating Systems are supported: Windows Server 2003, Windows Server 2003R2, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10.
38.95 KB 2019 10 24
  InstallRoot 5.5 NIPR 64-bit Windows Installer InstallRoot 5.5 NIPR 64-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
28.62 MB 2019 10 24
  InstallRoot 5.5 NIPR Non-Administrator 32-bit Windows Installer InstallRoot 5.5 NIPR Non-Administrator 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
27.73 MB 2019 10 24
  InstallRoot 5.5 NIPR 32-bit Windows Installer InstallRoot 5.5 NIPR 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
27.98 MB 2019 10 24
  Editing CRLAutoCache Source Locations Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
326.54 KB 2019 08 23
  Editing Certificate Group Locations for InstallRoot via the GUI Editing Certificate Group Locations for InstallRoot via the GUI
This Quick Reference Guide (QRG) describes how to edit the default InstallRoot certificate group locations using the InstallRoot graphical user interface (GUI).
243.26 KB 2019 08 20
Mac OS Smartcard Services Installers Mac OS Smartcard Services Installers
2019 02 24
Purebred Registration App Version History Purebred Registration App Version History
2019 02 21
KeyShare Reference for iOS KeyShare Reference for iOS
2019 02 21
  Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT.
2.26 MB 2018 11 30
  Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT.
784.07 KB 2018 11 30
  InstallRoot 5.2: User Guide InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool.
2.56 MB 2018 11 30
  PKI Interoperability Test Tool (PITT): 2.0.6 User Guide PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT.
1.88 MB 2018 11 30
  FBCA Cross-Certificate Remover 1.15 User Guide FBCA Cross-Certificate Remover 1.15 User Guide
This guide provides usage instructions for the FBCA Cross-Certificate Remover tool.
234.46 KB 2018 11 30

Configuration Files

  Title Size Updated
  PKI CA Certificate Bundles: PKCS#7 for JITC PKI Only - Version 5.12 PKI CA Certificate Bundles: PKCS#7 for JITC PKI Only - Version 5.12
This zip file contains the Joint Interoperability Test Command (JITC) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
178.2 KB 2023 05 15
  DoD Approved Assurance Levels from External Partner PKIs - Version 1.15 DoD Approved Assurance Levels from External Partner PKIs - Version 1.15
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs).
12.1 KB 2023 04 19
  DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.16 DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.16
This file provides a listing of CRLDPs from DoD approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
5.96 KB 2023 04 19
  DoD Approved External OCSP URLs - Version 1.15 DoD Approved External OCSP URLs - Version 1.15
This file provides a listing of all On-line Certificate Status Protocol (OCSP) URLs from DoD approved partner PKI OCSP responders. OCSP responders are represented by HTTP URLs that are asserted in the Authority Information Access certificate extension. OCSP validation is one of the mechanisms used by DoD relying party applications to validate certificates.
3.14 KB 2023 04 19
  DoD Approved External PKI Certificate Trust Chains - Version 10.0 DoD Approved External PKI Certificate Trust Chains - Version 10.0
This zip file contains certificate trust chains for DoD Approved External PKIs.
217.71 KB 2023 04 19
  DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.14 DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.14
This zip file contains certificate trust chains for DoD Approved External Category 2 PKIs (Non Federal Issuers).
81.56 KB 2023 04 19
  PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14 PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
68.11 KB 2023 03 02
  PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9 PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
36.62 KB 2023 03 02
  PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11 PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
97.27 KB 2023 03 02
  DoD and ECA CRL Distribution Points (CRLDPs) DoD and ECA CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
4.47 KB 2023 01 20
  DoD Approved External PKIs Category 3 Certificate Trust Chains (Foreign, Allied, Coalition Partner and Other PKIs) - Version 1.3 DoD Approved External PKIs Category 3 Certificate Trust Chains (Foreign, Allied, Coalition Partner and Other PKIs) - Version 1.3
This zip file contains certificate trust chains for DoD Approved External Category 3 PKIs (Foreign, Allied, Coalition Partner and Other PKIs).
2022 11 07
  DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.10 DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.10
This zip file contains certificate trust chains for DoD Approved External Category 1 PKIs (Federal Agencies).
62.79 KB 2022 08 01