Sign In
Menu

Operating Status

Fully Operational
App icon

DAU App

Available Now!
Get the App
Click Here to Continue Browser Session   ❯
  1. Defense Acquisition University
  2. Frequently Asked Questions

Addressing .MIL Security Certificate Issues


Overview

While most computers automatically recognize public Certification Authorities (CAs) that are trusted to validate the identity of secure (HTTPS) websites, many .MIL sites are verified through private DoD CAs whose certificates require manual installation by a local system administrator. IT departments within the DoD typically install and update these certificates for their employees automatically, but there are occasions that updates do not reach all user workstations and a manual installation becomes necessary. Non-DoD agencies, private sector organizations and home users do not typically have DoD CA certificates installed on their computers and will more than likely be required to complete the steps that follow in order to access many DAU resources.

* IMPORTANT *
The instructions that follow only apply to Desktop/Laptop computers with a Windows-based operating system.



Installing Required PKI Certificates for DoD (.mil) Websites


  1. Please choose from the certificate icons below to download the lastest version of the DoD InstallRoot tool from DoD Cyber Exchange website. If prompted to open or save the InstallRoot file, please save the file locally.

    Click Here to Download the Non-Administrator Installation Wizard           Click Here to Download the 32-Bit Installation Wizard (Administrators Only)      Click Here to Download the 64-Bit Installation Wizard (Administrators Only)

    * WHICH DO I CHOOSE? *
    If your computer was issued by your organization/agency, you may use the Non Administrator installation. Those who have administrative rights to their computer should download the 32/64-bit Installer. To determine which of the two is appropriate, simply click on your Windows Start menu, right-click on Computer, and select Properties to identify the “System Type.” Windows 10 users may simply type the word "System" in the Cortana ("Ask me anything") search bar and press ENTER.


  2. Open the downloaded InstallRoot file and selected Next from the setup wizard.



    * IMPORTANT *
    If the InstallRoot file is blocked or you are prompted to enter a username and password, please contact your local IT department; a system administrator may need to complete the installation process on your behalf.


  3. You will be prompted to choose a file location. The default path identified is just fine; select Next to continue..

    Select Next

    * IMPORTANT *
    If you are presented with a screen that states, "Change your Installation of InstallRoot," you should choose the Repair option. Afterwards, you will need to choose Repair and Close on the two prompts that follow. You may then resume with Step #4 below.

  4. At the prompt for InstallRoot Features, you may leave the Graphical Interface checked and uncheck Command-Line Tool; click Next to continue.

    Uncheck Command-Line Tool and select Next
  5. You're now ready to begin the installation; choose Install.

    Select the Install button


  6. Once you receive notice of a successful installation, please choose the option to Run InstallRoot..

    Select Run InstallRoot


  7. After the purple splash-screen appears, you may be prompted with one or more pop-up windows asking if you would like InstallRoot to manage Java and/or Firefox certificates. If so, please select Yes to each pop-up that's presented. Otherwise, continue with Step #8 below.

    InstallRoot Splash Screen


  8. When the graphical user interface appears, simply select the Install Certificates icon.

    Select the Install Certification button

    * IMPORTANT *
    If you are presented with a notice indicating that "some running processes that may conflict with the application" have been detected, you will need to close the Internet browser identified at the bottom of this notification and then try selecting the Install Certifications icon again in order to continue.


  9. You may once again be presented with one or more pop-up windows asking you to confirm the installation of certain certificates that are not currently recognized on your computer. If so, please select Yes to each pop-up that's presented. Otherwise, continue with Step #10 below.


  10. After all certificates have been installed, you will be presented with an action summary that identifies all changes made; click OK.

    Select OK to Continue


  11. At this point, you may close out of the InstallRoot tool. Afterwards, please be sure to close your Internet browser, ensuring no websites remain open in the background.

    Close the InstallRoot program


  12. Now that the new certificates have been installed, you will need to ensure that certain revoked certificates are not reflected in your system. To do so, please click on your Windows Start menu and type "Internet Options" in the search bar; press ENTER. Windows 10 users may type the same text in their Cortana ("Ask me anything") search field on the Windows Taskbar.

    Accessing Internet Options through Windows search


  13. Click on the Content tab at the top of the Internet Options window and select Certificates.

    Select the Content tab going across the top of the Internet Properties window and then select the Certificates button


  14. Select the tab for Intermediate Certification Authorities.

    Select the Intermediate Certification Authorities tab going across the top of the Certificates window


  15. Scroll through the list of certificates, looking under the Issued To column, and ensure that there are NO certificates that reference "DoD Interoperability." If you find any certificates with this text, please select the certificate and choose the Remove button. Select Yes on the confirmation window to finalize this action.

    Image depicting the search for Interet Options from the Windows 7 Start menu

    * IMPORTANT *
    If your Remove button is disabled, please contact your local IT department; a system administrator will need to complete this action.


  16. Scroll through the same list of certificates, this time looking under the Issued By column, and ensure that there are NO certificates that reference "DoD Interoperability." If you find any certificates with this text, please select the certificate and choose the Remove button. Select Yes on the confirmation window to finalize this action.

    Image depicting the search for Interet Options from the Windows 7 Start menu

    * IMPORTANT *
    If your Remove button is disabled, please contact your local IT department; a system administrator will need to complete this action.


  17. You may now select the Close button to exit the Certificates window.

    Image depicting the selection of the selection of the Clear SSL State button from the Internet Options Content tab


  18. From the Internet Options "Content" tab, please choose Clear SSL State and select OK on the confirmation window.

    Image depicting the selection of the selection of the Clear SSL State button from the Internet Options Content tab


  19. You may now click OK to exit the Internet Options dialog and proceed to test connectivity to DAU's secure (HTTPS) resources.


RELATED FAQs:


Q: I'm having trouble completing all of the steps, what can I do?
A: If you are using a work-issued computer, many settings and capabilities may be restricted. In such cases, you should contact your local IT support and request assistance in completing the steps.
Q: I have completed the steps above. but I'm still faced with the same error. Do you have any additional recommendations?
A: Yes - While the InstallRoot tool typically installs certificates to the correct location automatically, sometimes pre-existing configuration conflicts linger. Please   Click Here   for step-by-step instructions that will help identify and resolve such conflicts..