While most computers automatically recognize public Certification Authorities (CAs) that are trusted to validate the identity of secure (HTTPS) websites, many .MIL sites are verified through private DoD CAs whose certificates require manual installation by a local system administrator. IT departments within the DoD typically install and update these certificates for their employees automatically, but there are occasions that updates do not reach all user workstations and a manual installation becomes necessary. Non-DoD agencies, private sector organizations and home users do not typically have DoD CA certificates installed on their computers and will more than likely be required to complete the steps that follow in order to access many DAU resources.

* IMPORTANT *
The instructions that follow only apply to Desktop/Laptop computers with a Windows-based operating system.

Installing Required PKI Certificates for DoD (.mil) Websites

1. Please choose from the certificate icons below to download the lastest version of the DoD InstallRoot tool from DoD Cyber Exchange website. If prompted to open or save the InstallRoot file, please save the file locally.
   
              
   
   * WHICH DO I CHOOSE? *
   If your computer was issued by your organization/agency, you may use the Non Administrator installation. Those who have administrative rights to their computer should download the 32/64-bit Installer. To determine which of the two is appropriate, simply click on your Windows Start menu, right-click on Computer, and select Properties to identify the “System Type.” Windows 10 users may simply type the word "System" in the Cortana ("Ask me anything") search bar and press ENTER.
   
   
   
2. Open the downloaded InstallRoot file and selected Next from the setup wizard.
   
   
   
   * IMPORTANT *
   If the InstallRoot file is blocked or you are prompted to enter a username and password, please contact your local IT department; a system administrator may need to complete the installation process on your behalf.
   
   
   
3. You will be prompted to choose a file location. The default path identified is just fine; select Next to continue..
   
   
   
   * IMPORTANT *
   If you are presented with a screen that states, "Change your Installation of InstallRoot," you should choose the Repair option. Afterwards, you will need to choose Repair and Close on the two prompts that follow. You may then resume with Step #4 below.
   
   
4. At the prompt for InstallRoot Features, you may leave the Graphical Interface checked and uncheck Command-Line Tool; click Next to continue.
   
   
   
   
   
5. You're now ready to begin the installation; choose Install.
   
   
   
   
   
6. Once you receive notice of a successful installation, please choose the option to Run InstallRoot..
   
   
   
   
   
7. After the purple splash-screen appears, you may be prompted with one or more pop-up windows asking if you would like InstallRoot to manage Java and/or Firefox certificates. If so, please select Yes to each pop-up that's presented. Otherwise, continue with Step #8 below.
   
   
   
   
   
8. When the graphical user interface appears, simply select the Install Certificates icon.
   
   
   
   * IMPORTANT *
   If you are presented with a notice indicating that "some running processes that may conflict with the application" have been detected, you will need to close the Internet browser identified at the bottom of this notification and then try selecting the Install Certifications icon again in order to continue.
   
   
   
9. You may once again be presented with one or more pop-up windows asking you to confirm the installation of certain certificates that are not currently recognized on your computer. If so, please select Yes to each pop-up that's presented. Otherwise, continue with Step #10 below.
   
   
   
10. After all certificates have been installed, you will be presented with an action summary that identifies all changes made; click OK.
    
    
    
    
    
11. At this point, you may close out of the InstallRoot tool. Afterwards, please be sure to close your Internet browser, ensuring no websites remain open in the background.
    
    
    
    
    
12. Now that the new certificates have been installed, you will need to ensure that certain revoked certificates are not reflected in your system. To do so, please click on your Windows Start menu and type "Internet Options" in the search bar; press ENTER. Windows 10 users may type the same text in their Cortana ("Ask me anything") search field on the Windows Taskbar.
    
    
    
    
    
13. Click on the Content tab at the top of the Internet Options window and select Certificates.
    
    
    
    
    
14. Select the tab for Intermediate Certification Authorities.
    
    
    
    
    
15. Scroll through the list of certificates, looking under the Issued To column, and ensure that there are NO certificates that reference "DoD Interoperability." If you find any certificates with this text, please select the certificate and choose the Remove button. Select Yes on the confirmation window to finalize this action.
    
    
    
    * IMPORTANT *
    If your Remove button is disabled, please contact your local IT department; a system administrator will need to complete this action.
    
    
    
16. Scroll through the same list of certificates, this time looking under the Issued By column, and ensure that there are NO certificates that reference "DoD Interoperability." If you find any certificates with this text, please select the certificate and choose the Remove button. Select Yes on the confirmation window to finalize this action.
    
    
    
    * IMPORTANT *
    If your Remove button is disabled, please contact your local IT department; a system administrator will need to complete this action.
    
    
    
17. You may now select the Close button to exit the Certificates window.
    
    
    
    
    
18. From the Internet Options "Content" tab, please choose Clear SSL State and select OK on the confirmation window.
    
    
    
    
    
19. You may now click OK to exit the Internet Options dialog and proceed to test connectivity to DAU's secure (HTTPS) resources.
    
    

A: If you are using a work-issued computer, many settings and capabilities may be restricted. In such cases, you should contact your local IT support and request assistance in completing the steps.

A: Yes - While the InstallRoot tool typically installs certificates to the correct location automatically, sometimes pre-existing configuration conflicts linger. Please   Click Here   for step-by-step instructions that will help identify and resolve such conflicts..