Instructions for Importing theDoD CA PKI Root Certificate Authorities Certificates into Internet ExplorerInternet Explorer does not list the DoD Medium Assurance and Class 3 Root Certificate Authorities (CA)among its list of Intermediate and Trusted Root CAs. Therefore, when a user accesses a DoD web site witha DoD PKI server certificate, he receives a message stating that the security certificate was issued by acompany he has not chosen to trust, and when he receives a digitally signed email message from a senderwhose certificate was issued by the DoD Medium Assurance or Class 3 Root CAs, he receives a messagethat the digital signature on this message is invalid because the certificate with this message is not trusted.In order to prevent these messages from occurring, the user must import the DoD Root CA Certificates intothe Trusted Root and Intermediate CA stores of Internet Explorer. Although only one of the DoD Root CAsissued the server and email certificates, the user might as well download both the Class 3 Root CA andMedium Assurance Root CA certificates.1.In Internet Explorer, go to http://dodpki.c3pki.chamb.disa.mil/rootca.html. If you have never donethis before you will get a security alert first. 2.Select "Yes” to continueNear the bottom of the screen, click on “Download DoD Class 3 Root CA Certificate.”
You will select both in steps2 and 3.3. Select “Save this file to disk” and click on OK. The name of the file will be “dodroot.cac.” After thedownload is complete, click on Download Medium Assurance Root CA Certificate and repeat, saving the file“dodrootmed.cac.”4. After downloading both certificates to a file, from the Tools pull-down menu, select Internet Options, andthen select the Content tab.In the Certificates section, select the Certificates. button todisplay the Certificate Manager window.
Select Certificates in theContent tab.5. Select the Trusted Root Certification Authorities tab, and then select the Import. button.
6. When the Certificate Manager Import Wizard displays, read theinformation, and then select the Next button.Select theCertificattab first b
When the following window displays, use the Browse button to find the DoD Root CA certificate you justdownloaded.You may need to change the file type to “All files (*.*)” to find dodroot.cac. Select Open.
When the file displays in the File name: field, select Next to continue. 7. Select the “Automatically select the certificate store based onthe type of certificate” radio button, and then select Next .File will reside elsewhere onyour computer.
When the Certificate Manager Import Wizard window appears,select Finish to complete the Wizard.After selecting Finish, a dialog box will pop up asking, "Do you want to Add the following
certificate to the Root Store?" Select Yes to add the certificates to the Root store. Select OK to confirm thatthe import was successful.8. Repeat steps 5 -7 for the other DoD Root CA certificate.9. You should now see the DoD Medium Assurance and Class 3 Root CAs listed in the Intermediate andTrusted Root CA stores. Close Internet Explorer.