Some of our .mil website users have encountered problems accessing secure pages using an "https" web address. If your browser indicates a problem with our security certificate, please read the following information to resolve the issue.
When accessing a secure (SSL) web page, your browser attempts to verify the identity of the server by checking the site certificate. A certificate is a digital document that identifies websites or individuals, and is issued by a trusted third party provider called a "certificate authority" (CA). Department of Defense (DoD) policy requires that we use certificates issued by the DoD Certificate Authority for identity verification and encryption, rather than those issued by a commercial certificate authority.
Web browsers are pre-loaded with a default set of root certificate authorities which usually does NOT include the DoD Medium Assurance and Class 3 Root Certificate Authorities among its list of Intermediate and Trusted Root CAs.
This causes a warning to be displayed when you attempt to connect to a secure page on the site. In this case, the browser does not recognize the DoD as the Certificate Authority.
To resolve this problem, you must install the DoD Root Certificates on your browser. Once installed, your web browser will trust the identity of web sites whose secure communications are authenticated by the Department of Defense and allow future access to these sites.
If you are receiving one of the messages below, please follow the steps to install the DoD Root CA Certificates:
Most browsers will give you the option to "proceed" to the questionable website and, at the same time, create a security exception that allows subsequent visits to the same site without displaying the warning.
Before you do this, you should view the certificate in your browser and confirm that (1) the "Common Name (CN)" matches the site you're attempting to reach, and (2) that the certificate expiration date hasn't passed.
If those items check out, and you're attempting to access a *army.mil URL, you are safe to proceed.
You can manually install the Root Certificates into your browser. While more complicated, this method will resolve the issue for most all sites using DoD-issued certificates.
Here are the instructions for installing the certificates using Internet Explorer browser. If these instructions are beyond your level of expertise or privileges, or you're using a different browser you should call you IT Department for further assistance.
You should now be able to view the DoD CAs that you installed listed under the Trusted Root Certification Authorities tab of your browser (Tools >> Internet Options >> Content >> Certificates)