Tools
Title | Size | Updated | |
---|---|---|---|
PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
68.11 KB |
02 Mar 2023
|
|
PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
36.62 KB |
02 Mar 2023
|
|
PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
97.27 KB |
02 Mar 2023
|
|
FBCA Cross-Certificate Remover 1.18
This tool removes certificates which cause the cross-certificate chaining issue for DoD (and optionally ECA) users from Microsoft Local Computer and User Certificate stores. The following Operating Systems are supported: Windows Server 2003, Windows Server 2003R2, Windows Server 2008, Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Windows 10.
|
38.95 KB |
24 Oct 2019
|
|
InstallRoot 5.5 NIPR 64-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
|
28.62 MB |
24 Oct 2019
|
|
InstallRoot 5.5 NIPR Non-Administrator 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
|
27.73 MB |
24 Oct 2019
|
|
InstallRoot 5.5 NIPR 32-bit Windows Installer
This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.5 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows 10, Windows 11, and Windows Server 2012, 2016, 2019, and 2022.
|
27.98 MB |
24 Oct 2019
|
|
Editing CRLAutoCache Source Locations
This Quick Reference Guide (QRG) describes how to edit source location and DNLookupTable URLs used by CRLAutoCache for Windows to fetch and cache CRLs.
|
326.54 KB |
23 Aug 2019
|
|
Editing Certificate Group Locations for InstallRoot via the GUI
This Quick Reference Guide (QRG) describes how to edit the default InstallRoot certificate group locations using the InstallRoot graphical user interface (GUI).
|
243.26 KB |
20 Aug 2019
|
|
Mac OS Smartcard Services Installers
|
— |
24 Feb 2019
|
|
Purebred Registration App Version History
|
— |
21 Feb 2019
|
|
KeyShare Reference for iOS
|
— |
21 Feb 2019
|
|
Trust Anchor Constraints Tool (TACT): 1.2.6 User Guide
This guide provides usage instructions for TACT.
|
2.26 MB |
30 Nov 2018
|
|
Trust Anchor Constraints Tool (TACT): 1.2.6 Installation Instructions
This guide provides installation instructions for TACT.
|
784.07 KB |
30 Nov 2018
|
|
InstallRoot 5.2: User Guide
This guide provides installation and usage instructions for the DoD PKE InstallRoot 5.2 tool.
|
2.56 MB |
30 Nov 2018
|
|
PKI Interoperability Test Tool (PITT): 2.0.6 User Guide
This guide provides usage instructions for PITT.
|
1.88 MB |
30 Nov 2018
|
|
FBCA Cross-Certificate Remover 1.15 User Guide
This guide provides usage instructions for the FBCA Cross-Certificate Remover tool.
|
234.46 KB |
30 Nov 2018
|
Configuration Files
Title | Size | Updated | |
---|---|---|---|
PKI CA Certificate Bundles: PKCS#7 for JITC PKI Only - Version 5.12
This zip file contains the Joint Interoperability Test Command (JITC) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
178.2 KB |
15 May 2023
|
|
DoD Approved Assurance Levels from External Partner PKIs - Version 1.15
This file provides a listing of all DoD approved assurance levels from approved partner PKIs. Assurance levels are represented by Certificate Policy Object Identifiers (OIDs) which are asserted in the Certificate Policies x509 certificate extension. DoD relying party applications can only accept certificates with OIDs that map to FBCA medium hardware assurance level or higher (includes PIV and PIV-I OIDs).
|
12.1 KB |
19 Apr 2023
|
|
DoD Approved External CRL Distribution Points (CRLDPs) - Version 1.16
This file provides a listing of CRLDPs from DoD approved partner PKIs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
|
5.96 KB |
19 Apr 2023
|
|
DoD Approved External OCSP URLs - Version 1.15
This file provides a listing of all On-line Certificate Status Protocol (OCSP) URLs from DoD approved partner PKI OCSP responders. OCSP responders are represented by HTTP URLs that are asserted in the Authority Information Access certificate extension. OCSP validation is one of the mechanisms used by DoD relying party applications to validate certificates.
|
3.14 KB |
19 Apr 2023
|
|
DoD Approved External PKI Certificate Trust Chains - Version 10.0
This zip file contains certificate trust chains for DoD Approved External PKIs.
|
217.71 KB |
19 Apr 2023
|
|
DoD Approved External PKIs Category 2 Certificate Trust Chains (Non Federal Issuers) - Version 1.14
This zip file contains certificate trust chains for DoD Approved External Category 2 PKIs (Non Federal Issuers).
|
81.56 KB |
19 Apr 2023
|
|
PKI CA Certificate Bundles: PKCS#7 for WCF B&I PKI Only - Version 5.14
This zip file contains the DoD Web Content Filtering (WCF) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
68.11 KB |
02 Mar 2023
|
|
PKI CA Certificate Bundles: PKCS#7 for ECA PKI Only - Version 5.9
This zip file contains the External Certification Authority (ECA) PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
36.62 KB |
02 Mar 2023
|
|
PKI CA Certificate Bundles: PKCS#7 for DoD PKI Only - Version 5.11
This zip file contains the DoD PKI Certification Authority (CA) certificates in PKCS#7 certificate bundles containing either PEM-encoded or DER-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to only accept certificates issued with the key and signature hash combinations (e.g. RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all .p7b files using the signed SHA-256 hashes file (.sha256) are included in the README.
|
97.27 KB |
02 Mar 2023
|
|
DoD and ECA CRL Distribution Points (CRLDPs)
This file provides a listing of all DoD and ECA CRLDPs. CRLDPs are represented by HTTP URLs that are asserted in the CRL Distribution Points certificate extension. CRLDPs are one of the mechanisms used by DoD relying party applications to validate certificates.
|
4.47 KB |
20 Jan 2023
|
|
DoD Approved External PKIs Category 3 Certificate Trust Chains (Foreign, Allied, Coalition Partner and Other PKIs) - Version 1.3
This zip file contains certificate trust chains for DoD Approved External Category 3 PKIs (Foreign, Allied, Coalition Partner and Other PKIs).
|
— |
07 Nov 2022
|
|
DoD Approved External PKIs Category 1 Certificate Trust Chains (Federal Agencies) - Version 1.10
This zip file contains certificate trust chains for DoD Approved External Category 1 PKIs (Federal Agencies).
|
62.79 KB |
01 Aug 2022
|