Other applications such as Mozilla Firefox and Java have their own separate trust stores. The Trust Store Management brief discusses common PKI certificate trust stores a system can leverage and how to manage them. CA certificates and other information for approved external PKIs are available from the Interoperability page. Obtain and Install a Certificate for the System or Application. Most applications, including web-based systems, require a certificate identifying the system in order to fully PK-enable.
Once the certificate is issued, it can be downloaded and installed by the application owner. The diagram below shows the process for obtaining a DoD server certificate.
Configure Certificate Revocation Checking. Applications must verify certificates have not been revoked prior to relying on them for security functions such as authentication. In addition to the primary methods, DoD PKI offers a variety of Axway Tumbleweed and CoreStreet proprietary revocation checking mechanisms that an organization can leverage that are detailed in the Robust Certificate Validation Services slick sheet.
These items are available for download from the Tools page. Systems and applications typically have specific configuration properties to control security settings related to PKI functionality. There will usually be another property that controls PKI certificate-based client authentication to the system, with options to require, allow, or disable that functionality. It then provides specific requirements for authentication credentials based on these levels of sensitivity.
Policy related to authentication requirements was previously found in DoDI DoD Instruction It also contains two other major changes. The first is that all policy related to authentication requirements has been moved to DoDI The second major change impacts pursuing waivers to DoDI Previously, Component CIOs had the authority to approve waivers to the instruction.
This April DoD CIO memo emphasizes the importance of adhering to existing security policies for the use of commercial mobile devices in the DoD, outlines current challenges and provides requirements and potential mitigations for limited use pilots and mission-critical applications of devices that do not currently have approved Security Technical Implementation Guides STIGs.
Attachment 1 addresses configuring optimal security settings in the BlackBerry STIG to improve user acceptance and functionality. Attachment 2 discusses requirements for the use of non-enterprise activated CMDs. Version 7. Get started with installing the latest certificates by reviewing the tutorials below.
The InstallRoot application is the simplest and most straightforward way to install all DOD certificates in your windows operating system, and supports Internet Explorer, Chrome, Firefox, and Java.
If Firefox, Java, or both programs are installed on your computer you will be asked if you would like to install the certificates in their respective certificate stores.
Click Install Certificates in the top left corner. If you click the drop down next to the red ribbon you should see a green check mark next to the certificates. Install middleware, if necessary. You may need additional middleware, depending on the operating system you use. You can find their contact information on our Contact Us tab. The InstallRoot User Guide is available here. Pick your browser for specific instructions.
0コメント