How to obtain and use DoD PKI/CAC Certificates to access www.iad.gov.
How are certificates used with this site and other protected IAD web sites?
While some areas on this site are public, other areas require you to join the site in order to access the content. Most of the content can only be accessed if you have a Federal/DoD Public Key Infrastructure (PKI), Personal Identity Verification (PIV) or Common Access Card (CAC) installed in your browser. You do not need to join this site to see the public content. Portions of other IAD web sites also require DoD PKI/PIV/CAC certificates for access. Explicit instructions for joining other IAD web sites are outlined on each site. Your certificate will automatically be recognized after you register if it is correctly installed in your browser.
Are you getting a site certificate error when trying to access a protected web site?
This web site uses SSL protection to help secure our content. Access requires that a site security certificate is loaded into your browser. Some areas in this site can only be accessed if you have a Federal/DoD Public Key Infrastructure (PKI) , Personal Identity Verification (PIV) or Common Access Cards (CAC) correctly installed in your browser. Portions of other IAD web sites also require PKI/PIV/CAC certificates for access. Access to these sites and pages requires both your personal certificate and site security certificate. There are two ways to avoid site certificate error messages:
- Import a DoD Root CA Certificate (preferred).
- Add an exception for the web site (Mozilla Firefox only) or create a Trusted Site (IE only).
While adding an exception is the faster, easier process, you might have to repeat the process for multiple protected DoD web sites. Importing the DoD Root CA Certificate will take a few minutes, but it is the more thorough solution. You should only have to import it once per browser.
You may see some other messages, usually alerts, rather than error messages, even when everything is installed correctly.
How do I obtain a DoD PKI client certificate?
This site does not issue certificates , however one is recommended for easier and more secure access.
DOD PKI client certificates include 1 identity, 1 email signature, and 1 email encryption certificate, and may be obtained from the DoD free of charge. DoD PKI certificates are available as software certificates (private keys stored in three .p12 files) or on Common Access Cards (private keys embedded in CAC). DoD Contractors may obtain CACs if their government sponsor deems it necessary.
In order for you to obtain a DOD issued certificate users must fulfill one of three requirements:
- Be active duty, reservist, or a DOD civilian.
- The user must work on site at a military or government installation.
- User is a DOD contractor that works on GFE equipment.
How do I obtain a DoD PKI client certificate as a Civilian Contractor?
Software Certificates may be obtained from the DoD if you fulfill one of the requirements listed above. You must contact your Local Registration Authority (LRA). Your DOD sponsor will be able to provide information on contacting your LRA. Obtain a "Certificate Registration Instructions"(CRI) sheet from the LRA. The CRI contains your user number and one time password which you will need to obtain your personal DoD certificate. Provide the LRA:
- Picture form of identification
- A signed PKI User Responsibility Form
If you do not fulfill one of the above requirements, an IECA/ECA certificate must be purchased from one of the three DOD approved vendors. More information is listed below in "How do I obtain an IECA/ECA client certificate."
Hardware Certificates in the form of a CAC may be obtained by DoD Contractors if their government sponsor deems it necessary. Use the link listed below to determine the nearest DEERS/RAPIDS office.
How do I obtain a Common Access Card (CAC)?
To obtain a Common Access Card (CAC), contact DEERS/RAPIDS personnel. To locate the nearest DEERS/RAPIDS office (1-800-372-7437), visit the RAPIDS Site Locator (accessible from all domains) and search by city, state, or zip code.
Please note that a smart card reader and middleware are required for your Operating System to access the CAC PKI certificates. Eligible contractors must complete Section I and have their government sponsor complete Section III of DD Form 1172-2 prior to visiting a DEERS/RAPIDS office.
How do I obtain an IECA/ECA PKI client certificate?
To obtain -Interim- External Certificate Authority (-I-ECA) certificates, visit the IASE External Certificate Authority link (lists the 3 steps to obtain an -I-ECA certificate).