DoD PKI Automatic Key Recovery is an automated tool that allows you to download and recover your former Common Access Card (CAC) encryption keys. This is useful when you lose your CAC or when it has expired.
It is also useful when you want to open old encrypted emails with a new CAC. However, you need to have your former CAC certificate first.
How do I download DoD CA certificates?
Many secure web sites, including DCPAS and DAU, use digital certificates to establish a secure connection between your browser and the site’s Certificate Authority (CA). Most Internet browsers automatically recognize public CA certificates that are trusted by the browser and verify the identity of secure websites. However, some DoD websites are verified through private DoD CAs whose certificates need to be installed on your computer by a local system administrator.
When this occurs, you’ll receive a warning message about the certificate being untrusted. This is typically due to the DoD Medium Assurance or Class 3 Root Certificate Authorities not being included in your web browser’s Intermediate and Trusted Root CAs. To resolve this, you must install the DoD Root CA certificates.
In most cases, you’ll need to download the latest version of the DoD InstallRoot utility. The tool will install the DoD CA certificates on your machine and make them available to your operating system and/or browser. This will ensure that the DoD certificates are recognized by your computer and allow you to access various DoD web pages.
The installation process is relatively easy and will only take a few minutes to complete. If you experience any difficulty, please contact your local IT department for assistance. Alternatively, you can download the DoD PKI Automatic Key Recovery Configuration Profile and install DoD CAs on your machine as needed.
How do I recover a certificate?
The DoD PKI (Public Key Infrastructure) provides a secure identity management infrastructure. It binds the user’s identity to a private key and certificate issued by a Certification Authority. It encrypts data, authenticates devices, and supports DoD Information Systems.
The DoD also implements an External Certification Authority program, which allows users to obtain certificates from authorized entities. This system includes a root Certification Authority, subordinate CAs, and certificate revocation lists.
A DoD PKI certificate is a digitally signed document that can be used to verify the authenticity of a web page or other resource. Most computers automatically recognize public certification authorities, and a PKI-based certificate can be used to protect information on a network.
Use the DoD PKI Automatic Key Recovery tool to recover a DoD PKI certificate. This utility can be downloaded from the DoD Cyber Exchange website.
It’s important to remember that certificates can be revoked at any time. To prevent this from happening, remove any revoked certificates from your computer by using the Internet Options menu.
After selecting “Internet Options,” click on the Content tab and then select “Certificates.” From there, select “Intermediate Certification Authorities” from the list of certificate types. Then scroll down the list and look for certificates that contain “DoD Interoperability” or “DOD.” If any of these revoked certificates are still reflected in your browser, they need to be removed from your computer by a system administrator.
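The same check can be scripted. The following PowerShell is an added example, not part of the original page or of any DoD tool: it lists the Intermediate Certification Authorities entries whose names contain "DoD Interoperability" or "DOD" and reports whether each is expired or shows as revoked. The function name `Get-DodIntermediateCert` is hypothetical, the store paths are the standard Windows certificate provider locations, and the script only reports; removal is left to a system administrator as described above.

```powershell
# Added example: report-only audit of the Intermediate Certification Authorities store.
# Get-DodIntermediateCert is a hypothetical name; the name pattern comes from the text above.
function Get-DodIntermediateCert {
    param(
        # Intermediate CA stores for the current user and for the machine.
        [string[]]$StorePath = @('Cert:\CurrentUser\CA', 'Cert:\LocalMachine\CA'),
        # -match is case-insensitive, so this covers "DoD" and "DOD".
        [string]$NamePattern = 'DoD Interoperability|DOD',
        # 'Offline' consults cached CRLs only; 'Online' downloads current CRLs.
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode = 'Offline'
    )
    $revokedFlag = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::Revoked
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $NamePattern -or $_.Issuer -match $NamePattern } |
            ForEach-Object {
                $cert = $_
                # Build the chain so Windows evaluates revocation for this certificate.
                $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
                $chain.ChainPolicy.RevocationMode = $RevocationMode
                [void]$chain.Build($cert)
                $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
                [pscustomobject]@{
                    Store       = $path
                    Subject     = $cert.Subject
                    Thumbprint  = $cert.Thumbprint
                    NotAfter    = $cert.NotAfter
                    Expired     = ($cert.NotAfter -lt (Get-Date))
                    Revoked     = [bool]($flags | Where-Object { $_ -band $revokedFlag })
                    ChainStatus = ($flags -join ', ')
                }
                $chain.Reset()
            }
    }
}

# Print the findings; entries with Revoked = True are the ones to hand to an administrator.
Get-DodIntermediateCert | Sort-Object Store, NotAfter | Format-Table -AutoSize
```

With the default `Offline` mode, a certificate whose revocation list is not cached shows a status such as `RevocationStatusUnknown` rather than `Revoked`; rerun with `-RevocationMode Online` on a connected machine for a current answer.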
Alternatively, you can download a NonAdministrator version of the DoD PKI Automatic Key Recovery tool from the DoD Cyber Exchange website. This is especially helpful if you’re using a Windows-based system and don’t have access to the administrative tools available on a Mac or Linux computer.
How do I download DoD email certificates?
DoD email certificates help identify and secure your PC’s connection to the military website you use. Often this will mean you need to download a DoD certificate bundle for your PC. Depending on your system and your IT department’s policy, this may be done automatically by your IT department or manually by you.
The DoD PKI Automatic Key Recovery tool (also known as InstallRoot) is a good choice for this task because it was designed specifically to perform the task and comes with a user guide. This Windows-based program is free and available to download from the Department’s Cyber Exchange, a service provided by DISA.
Using this tool, you’ll be able to scan your computer for certificates and then reinstall those which are not trustworthy or outdated. You’ll also be able to view your installed certificates on screen.
In the end, this is a great way to ensure you’re able to access the military websites you use on your PC. This will prevent you from having to install the certificates manually, which can be time-consuming and difficult to do.
What’s more, you might find that reinstalling the old CAC certificate is just as easy and will get your PC ready to start using DoD email again! This tool comes in handy when you need to open old encrypted emails with the new CAC or when you’re trying to troubleshoot any issues that might arise.
For more information on how to use this tool, check out the DoD’s End Users page or visit a DoD PKI Automatic Key Recovery site near you. Whatever route you choose, be sure to follow the instructions in the manual to the letter.
What do I do after I get my new CAC card?
If you have a new CAC card, there are some things to do after you receive it. You need to take care of it so that you can use it to access DoD systems and information.
To ensure that you do not lose or misplace your CAC, it is highly recommended that you carry it in your wallet or purse. If you do lose your CAC, contact the nearest ID card office to get a replacement.
Then, if you need to access DoD systems, such as DEERS or RAPIDS, you will need to use your CAC as the authentication credential. This can be done by using the reader attached to your computer or scanning the card and entering it into a web browser on the system.
If you are a Mac user, it can be easier to use the reader on your computer. To do this, you will need to install a special tool called “CAC Enablers,” which can be found on the DTS support page.
Alternatively, you can use your computer’s built-in CAC reader, but be aware that the built-in reader will always take priority over an external reader if you have both installed at the same time. To resolve this issue, unplug the external reader and use your internal reader (if available) for a few minutes until it starts to work again.
You can also try clearing the old certificate by following slide 14 in this guide. If you do not have a new CAC or cannot use your new CAC to access DoD systems, you will need to visit a RAPIDS office to obtain a new CAC.