Cross-Certificate Chaining Issue

These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. These issues can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites. Before beginning, ensure that you have received the latest OS X updates.

Installing the DoD Root CA 2 Certificate

    1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
    2. In the Keychain Access window, select the Login keychain on the left-hand side.
    3. Download and unzip the PKCS7 certificate bundle for DoD.
    4. From Keychain Access.app:
       a) Select File > Import Items.
       b) Navigate to the unzipped PKCS7 certificates folder.
       c) Select DoD_PKE_CA_chain.pem and select Open. Enter your password if prompted.

Removing the Cross Certificates

Because both cross certificates and the DoD Root CA 2 certificate have the same Subject Key Identifier, the cross certificates will need to be removed from the login keychain.

    1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
    2. In the Keychain Access window, select Login on the left-hand side.
    3. Scroll through the list of certificates to find each DoD Root CA 2 certificate with the blue certificate icon pictured below. (If these certificates are not present in the login keychain skip to the next section.)

    [Image: Blue Certificate icon; DoD Interoperability Root CA 1]
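
The reason given above for removing the cross certificates (they share a key identifier with the self-signed DoD Root CA 2) can be checked from Terminal on exported PEM files. This is an added example, not part of the original instructions: it uses `openssl` to list certificates that carry a root's subject and public key but name a different issuer, comparing public keys as a stand-in for the Subject Key Identifier. The file names and the "Example Root 2" certificates are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). Sample certificates are
# constructed test data; "Example Root 2" stands in for the real root.

# Print "subject|issuer|sha256 of public key" for one PEM certificate.
cert_facts() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    k=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | sed 's/^.*= *//')
    printf '%s|%s|%s\n' "$s" "$i" "$k"
}

# $1 is the self-signed root; list the remaining files that carry the same
# subject and public key but name a different issuer (cross-certificates).
find_cross_certs() {
    root_facts=$(cert_facts "$1"); shift
    root_subj=${root_facts%%|*}; root_key=${root_facts##*|}
    for f in "$@"; do
        facts=$(cert_facts "$f")
        subj=${facts%%|*}; key=${facts##*|}
        issr=${facts#*|}; issr=${issr%|*}
        if [ "$subj" = "$root_subj" ] && [ "$key" = "$root_key" ] &&
           [ "$issr" != "$subj" ]; then
            basename "$f"
        fi
    done
}

# Build constructed samples in directory $1: root.pem (self-signed),
# interop.pem (another self-signed CA), cross.pem (root's key and subject,
# signed by the interop CA).
make_samples() {
    for n in root interop; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/$n.key"
    done
    openssl req -x509 -new -key "$1/root.key" -subj "/CN=Example Root 2" \
        -days 1 -out "$1/root.pem"
    openssl req -x509 -new -key "$1/interop.key" -subj "/CN=Example Interop Root" \
        -days 1 -out "$1/interop.pem"
    openssl req -new -key "$1/root.key" -subj "/CN=Example Root 2" -out "$1/root.csr"
    openssl x509 -req -in "$1/root.csr" -CA "$1/interop.pem" \
        -CAkey "$1/interop.key" -set_serial 2 -days 1 -out "$1/cross.pem" 2>/dev/null
}

# Usage: sh find_cross.sh root.pem other1.pem other2.pem ...
if [ "$#" -ge 2 ]; then find_cross_certs "$@"; fi
```

Any file the script prints has the root's name and key but chains to another CA, which is the situation the removal and Never Trust steps are meant to neutralize.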

Marking the Cross Certificates as Untrusted

Now each cross certificate needs to be loaded back into the login keychain and marked as untrusted.

    1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
    2. In the Keychain Access window, select Login on the left-hand side.
    3. Download and extract this zip file with both cross certificates to your desktop.
    4. Double-click on each certificate on your desktop, select Login, and click OK (enter your password if prompted).
    5. Scroll through the list of certificates for the DoD Root CA 2 certificates with the blue icons as pictured below.

    [Image: Never Trust]

Ensuring your CAC Certificates are Trusted

    1. Navigate in Finder to Go > Utilities and launch Keychain Access.app.
    2. In the Keychain Access window, select your CAC on the left-hand side.
    3. Click on one of the certificates on your CAC and verify that it has a green check mark indicating that it is valid (see image below).

    [Image: Valid Cert]

The DoD Cyber Exchange is sponsored by Defense Information Systems Agency (DISA)