Public Key Infrastructure (PKI) and Public Key Enabling (PKE)

IASE Home > PKI & PKE Home

Important!

DoD PKI has been added to the Adobe Approved Trust List (AATL). This means that DoD PKI certificates will automatically be trusted and usable by Adobe products such as Reader and Acrobat with no additional configuration required. More information can be found on the AATL Member page.

To ensure that users do not experience denial of service when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2, the Windows 7 STIG requires that the DoD Interoperability Root CA to DoD Root CA 2 cross certificate be installed in the Untrusted Certificate Store. This can be accomplished by running the FBCA cross-certificate removal tool which automatically installs the cross certificate into the Untrusted Certificate Store. Alternatively, the cross-certificate can be obtained here (*PKI) and installed manually.

The DoD PKE team's email address has recently changed due to the migration to Defense Enterprise Email. Our new email address is dodpke@mail.mil.

ActivIdentity NFI PKI is no longer a DoD Approved External PKI as of 29 June 2012 and will cease operation of its PKI effective 1 August 2012. Per DoD CIO, *DoD relying parties may continue to accept ActivIdentity NFI certificates issued prior to 29 June 2012 until 1 August 2012*.

DoD PKE has recently received several reports of smart card logon issues due to disablement of the Task Scheduler on Windows Server 2008 and enforcement of passwords via the Force Strong Key Protection group policy on the domain controller private key. Two new FAQs have been posted discussing these issues and their resolutions:

News and Upcoming Events

Spring/Summer 2012 Current PKE Quarterly Post - (PDF Download) Date: 08/2012 | Size: 1,408 KB

News:

DoD PKE RSS Feeds Now Available

As part of our ongoing efforts to improve both our website and our notification processes, DoD PKE is now offering RSS feeds. Three different feeds are currently available: Tools, Interoperability, and Newsletters. You can subscribe to these feeds by selecting the icon at the top of the corresponding page or by visiting our RSS feeds page at http://iase.disa.mil/rss/index.html.

Upcoming Conferences:

2012 Information Assurance Symposium (IAS)
August 28-30, 2012 (Early Bird Session August 27)
Gaylord Opryland Nashville
2800 Opryland Drive
Nashville, TN 37214

Upcoming Training:

The following is the DoD LRA, RA and KRA training schedule. All training takes place in Herndon, Virginia. RA and KRA training requires the trainees to obtain an RA or KRA nomination letter from their CC/S/A in order to attend the class. At that point, further logistic information will be provided.

Training Schedule

Dates

LRA Training

RA Training

KRA Training

Optional NSS Session (half day)

Feb 28 - Mar 2 02/28/2012 02/29/2012 03/01/2012 03/02/2012
Apr 03 - 06 04/03/2012 04/04/2012 04/05/2012 04/06/2012
Apr 24 - 27 04/24/2012 04/25/2012 04/26/2012 04/27/2012
May 22 - 25 05/22/2012 05/23/2012 05/24/2012 05/25/2012
Jun 26 - 29 06/26/2012 06/27/2012 06/28/2012 06/29/2012
Jul 24 - 27 07/24/2012 07/25/2012 07/26/2012 07/27/2012
Aug 28 - 31 08/28/2012 08/29/2012 08/30/2012 08/31/2012
Sep 25 - 28 09/25/2012 09/26/2012 09/27/2012 09/28/2012
Oct 23 - 26 10/23/2012 10/24/2012 10/25/2012 10/26/2012
Nov 13 - 16 11/13/2012 11/14/2012 11/15/2012 11/16/2012
Dec 11 - 14 12/11/2012 12/12/2012 12/13/2012 11/14/2012
Jan 15 - 18 01/15/2013 01/16/2013 01/17/2013 01/18/2013
Feb 19 - 22 02/19/2013 02/20/2013 02/21/2013 02/22/2013

Upcoming Events:

None at this time

Mission Statement:

The Public Key Infrastructure (PKI) and Public Key Enablement (PKE) website is intended to be a collaborative forum where DoD community members can exchange ideas, information, insights, and lessons learned related to PKI and PKE. Currently, the site contains information on upcoming activities and events, general technical support questions and answers, and resource documents such as reference guides (RGs), lessons learned, and frequently asked questions (FAQs). In addition, a series of tools are available to streamline the process of installing, publishing, and tracking certificates. As this site grows and develops, we will host discussion forums to facilitate information sharing on topics such as digital signature schemes, implementation issues, virtual private networks (VPNs), and other pertinent documents.

The PKI and PKE web site is dynamic, and will be updated and expanded to reflect new topics and areas of interest. You are invited to participate in the shaping of the site by contacting us and sharing your thoughts and experiences by e-mailing us at dodpke@mail.mil.

DoD Root CA 2 SHA-1 Hash: 8c941b34ea1ea6ed9ae2bc54cf687252b4c9b561
DoD Root CA 2 SHA-256 Hash: 9676f287356c89a12683d65234098cb77c4f1c18f23c0e541de0e196725b7ebe

Web page last revised: 09/20/2012