US Army Corps of Engineers ®

Northwestern Division

Relevant, Ready, Responsible, Reliable - Proudly serving the Armed Forces and the Nation now and in the future.

What is SSL?

The Secure Sockets Layer (SSL) security protocol provides data encryption, server authentication, message integrity, and optional client authentication. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on their SSL capabilities. Digital certificates encrypt data using SSL technology, the industry-standard method for protecting web communications.

The following steps describe how to add the DoD PKI root certificate authority to the certificate store.

Internet Explorer:

  1. Select the Download DoD Root Certificate link. When prompted, select the option "Open this file from its current location."
  2. This will activate the Certificate Manager Import Wizard. At the "Welcome to the Certificate Manager Import Wizard" screen, select Next.
  3. At the "Select a Certificate Store" screen, select the option "Automatically select the certificate store based on the type of certificate." Then select Next.
  4. Next you will see the "Completing the Certificate Manager Import Wizard" screen. Select Finish.
  5. You will be prompted to add the certificate to the Root Store. Select Yes.
  6. You will be prompted that the import was successful. Select OK. The DoD PKI root certificate has now been added to your Internet Explorer certificate store. Each time you access a web site that has a DoD PKI certificate, the site will be immediately displayed and your session with the site will be encrypted.

For Windows 2000 Machines:

The following steps describe how to add the DoD PKI root certificate authority to the certificate store in Internet Explorer:

  1. Select the Download DoD Root Certificate link. When prompted, select the option "Open this file from its current location."
  2. This will open up the Certificates Management Console. In the left pane, expand the tree and the Certificates folder will be displayed. Highlight the Certificates folder to display its contents in the right pane. You should see five certificates in the right pane. Highlight "DoD PKI Med Root CA."
  3. Double click on "DoD PKI Med Root CA."
  4. Select Install Certificate.
  5. Select Next.
  6. Select Browse.
  7. Check "Show Physical Stores" in the Select Certificate Store window.
  8. Expand Trusted Root Certification Authorities.
  9. Highlight "Local Computer."
  10. Select OK.
  11. Make sure the Certificate Store field says "Trusted Root Certificate Authorities\Local Computer."
  12. Select Next.
  13. Select Finish.
  14. Repeat this process for "Med CA-1" and "Med CA-2" (disregard "Med Email CA-1 and Med Email CA-2").

For Netscape Navigator users:

When you go to Portland Internet site a New Site Certificate box will pop up. Follow these directions to permanently accept the certificate:

  1. Click NEXT, another New Site Certificate box will pop up.
  2. Click NEXT again, another New Site Certificate box will pop up.
  3. Select "Accept Certificate Forever (until it expires), click NEXT, another New Site Certificate box will pop up.
  4. Click NEXT again, another New Site Certificate box will pop up.
  5. Click Finish.

For Netscape 6 users:

Follow these directions to permanently accept the certificate:

  1. Security Warning box: click OK.
  2. New Web Site Certificate box Step 1: click NEXT
  3. Step 2 dialog box: check "Accept this certificate forever. (until it expires)"
  4. Click Finish.

How do I know a site is using SSL?

1. The lock icon on your browser will be closed.
2. The URL for the site will start with https://
(If a site does not contains these things, it is not a secured data encrypted site.)

How does it affect me?

Since the Portland District Internet site is adding this security measure, you will notice new Security Alert prompts. Read on to learn how to prevent these prompts from displaying.

Why does a Security Alert(IE)/New Web Site Certificate(Netscape) box pop up each time I enter the Portland District Internet site?

A digital certificate was created to communicate authenticity of security to web browsers. Once you permanently accept the Digital Certificate this Security Message is no longer displayed.

How can I get rid of the Security Alert / Warning box notifying me that I am entering a secured site

The Security Alert/Warning box is a function of your browser and you can chose to uncheck the "Show me this Alert next time" box. However, you will not get a Security Alert for any other secured site.

Why does the Security Alert say, "not trusted"?

By default the browser assumes nothing can be trusted. It is up to the user to accept the security provided by the certificate authority.

"This page contains secure and non-secure items"

One trigger for this message is a remote image source within the HTML code.

Content POC: Patrick Swan, 503-808-3710 | Technical POC: NWP Webmaster | Last updated: 4/21/2006 3:10:22 PM

DISCLAIMER: The appearance of external hyperlinks does not constitute endorsement by the U.S. Army Corps of Engineers (USACE) of external web sites or the information, products, or services contained therein. USACE does not exercise any editorial control over the information you may find at this location.