
Support Forum

ako army security


I've tried following AKO's advice, previous posts on this site (http://militarycac.com/dodcerts.htm), etc.

Please help me install all needed certs, so this message stops appearing:

"Secure Connection Failed

An error occurred during a connection to akocert.us.army.mil.

SSL peer cannot verify your certificate.

(Error code: ssl_error_bad_cert_alert)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site."

Additional System Details

Installed Plug-ins

  • Google Update
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.6
  • Shockwave Flash 11.5 r502
  • McAfee MSS+ NPAPI Plugin
  • Coupons, Inc. Coupon Printer Plugin
  • Coupons, Inc. Coupon Printer DLL
  • 5.1.10411.0
  • Picasa plugin
  • iTunes Detector Plug-in
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • NPWLPG
  • CANON iMAGE GATEWAY Mycamera Plugin
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.0; rv:9.0.1) Gecko/20100101 Firefox/9.0.1


Tyler Downer
  • Administrator
  • Moderator
1164 solutions 6636 answers

Please update to Firefox 19: Update Firefox to the latest version

Question owner

Updated, cleared history, closed, reopened. Still no go.

gnbryan 0 solutions 2 answers

I just found a solution that works to get past this error - and it's simple.

I copied/pasted the address of the site I was trying to connect to (i.e. the short string separated with periods - dtms.army.mil - for instance) into a Google search field. Then I clicked on the website it's trying to connect to (https://dtms.army.mil). (Possibly you could simply type it into your address field with the "https://" at the beginning; I'm simply giving you how I discovered a solution.)

Attempting to go to that website should give you the same type of error, except that it gives you the option to add an exception. Once you've added an exception, you can go back to AKO and / or refresh the tab you were attempting to access My Training on.

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

You should install the DoD certificates in Firefox instead of adding an exception.

gnbryan 0 solutions 2 answers

I have installed all the certs, as far as I know. You run into a problem accessing the My Training page with Firefox and you have to go around the error to even open the page.

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

You can download and save the InstallerRoot 3.16A file under Trust Store Management from this page:

That is a ZIP archive (unclass-installroot_v3-16a.zip) and you can import this file in the Firefox Certificate Manager

  • unclass-installroot_v3-16a.zip/InstallRoot_v3.16A/PKCS7/InstallRoot_PKCS7_v3.16A.der.p7b

(you need to extract this p7b file).

If you get an error that the certificate is already installed then remove all installed DoD certificates and close and restart Firefox.
You need to set all trust bits for the DoD Root CA-2 certificate to make it possible to use it as a trusted root certificate.
All others are intermediate certificates and should never have trust bits set.

See the README.txt file in the InstallRoot_v3.16A/PKCS7/ folder for instructions
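The trust rule in the answer above (trust bits on the root only, none on the intermediates), as an added example that is not part of the original post or of the DoD README: a dry-run script that splits a DER PKCS#7 bundle and prints one `certutil -A` command per certificate. It assumes `openssl` is installed and that NSS `certutil` trust string `C,C,C` is the command-line counterpart of ticking every trust box in the Certificate Manager; the function names and the output directory are hypothetical.

```shell
#!/bin/sh
# Added example: plan the import of a PKCS#7 CA bundle into an NSS (Firefox)
# certificate database. It only prints certutil commands; it runs none of them.

# split_p7b BUNDLE OUTDIR: write each certificate found in a DER-encoded
# PKCS#7 bundle to OUTDIR/cert-NN.pem.
split_p7b() {
    [ -r "$1" ] || return 1
    mkdir -p "$2" || return 1
    openssl pkcs7 -inform DER -print_certs -in "$1" |
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%02d.pem", d, n) }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }'
}

# trust_for CERT: print "C,C,C" when issuer and subject are the same name
# (a self-issued root), and ",," (no trust bits) for an intermediate.
trust_for() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    if [ "$s" = "$i" ]; then echo "C,C,C"; else echo ",,"; fi
}

# plan_import BUNDLE OUTDIR PROFILE: print the certutil command for each
# certificate so the trust assignment can be reviewed before anything is run.
plan_import() {
    split_p7b "$1" "$2" || return 1
    for c in "$2"/cert-*.pem; do
        [ -f "$c" ] || continue
        name=$(openssl x509 -in "$c" -noout -subject | sed 's/^subject= *//')
        printf 'certutil -A -d "sql:%s" -a -i "%s" -t "%s" -n "%s"\n' \
            "$3" "$c" "$(trust_for "$c")" "$name"
    done
}

# Usage: sh plan.sh InstallRoot_PKCS7_v3.16A.der.p7b ./certs /path/to/profile
if [ "$#" -eq 3 ]; then plan_import "$1" "$2" "$3"; fi
```

Review the printed commands before running any of them: exactly the self-issued root entries should carry `C,C,C`, and every other line should carry `,,`.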

capot1948 0 solutions 7 answers

I just recently retired from my contractor job and since I'm also retired army I'm having to start accessing my AKO account from the house using my username/password. I tested it before turning my CAC in last Friday and it worked fine from my work computer. Trying today from home on my Linux box is another story. I keep getting

An error occurred during a connection to akocert.us.army.mil.

SSL peer cannot verify your certificate.

(Error code: ssl_error_bad_cert_alert)

I've followed the instructions above and downloaded and installed the certs, still doesn't work. I'm running Firefox 22.0. Any help would be appreciated.

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

Is the CAC installed correctly?

  • Tools > Options > Advanced : Encryption: Certificates > Security Devices

capot1948 0 solutions 7 answers

I'm not using a CAC on my home Linux box. Never have; I'm trying to log in with my username/password.

capot1948 0 solutions 7 answers

I might add that when trying to install the InstallRoot_PKCS7_v3.16A.der.p7b cert I get the below:

This certificate can't be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved.

Although when trying to install again it says certificate already installed. Also, when the error "SSL peer cannot verify your certificate" pops up, is it looking for 'my' certificate?

Modified by capot1948

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

You need to remove all existing DOD certificates or at least the root certificate under the Authorities tab.
Also make sure to set all trust bits for the "DoD Root CA-2" certificate.
There are also EMAIL certificates installed that aren't needed for Firefox and can be removed.

capot1948 0 solutions 7 answers

Here is what I've done to no avail:

1. Downloaded InstallRoot v3 16a.zip
2. Unzipped into two folders, PKCS7 and Windows
3. Since I'm on Linux I opened PKCS7 and inside of that are these files:

  • DoD_PKE_CA_chain.pem
  • InstallRoot_PKCS7_v3.16A.der.p7b
  • InstallRoot_PKCS7_v3.16A.pem.p7b
  • InstallRoot_PKCS7_v3.16A.pem-signed.p7b
  • InstallRoot_PKCS7_v3.16A.sha1
  • InstallRoot_PKCS7_v3.16A.sha256
  • README.txt

Per the 'ReadMe' file I imported the InstallRoot_PKCS7_v3.16A.der.p7b file after removing all the DoD certs. All trust bits are set for DoD Root CA 2. Still nothing. Is there a port I need to open on the firewall? All other sites work with no problem, is AKO really that different?

capot1948 0 solutions 7 answers

I have found that I can log directly into AKO webmail with no problem with this link: https://webmail.us.army.mil/. Once logged in, I can access the rest of the AKO site as normal. So my certs must be working right; I just have no idea why I keep getting the SSL error when trying to log in normally.

richardlvance 0 solutions 3 answers

I have no intention of killing off a working client certificate system (works with IE, Chrome, etc) just to make Firefox happy. Firefox requires a fix.

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

The only difference seems to be that they do not send DoD intermediate certificates, apart from the fact that Firefox doesn't have the DoD root certificates. So all required intermediate certificates need to be installed as well, in addition to the root certificate, and also a possible CAC reader needs to be installed and working properly.

  • Firefox/Tools > Options > Advanced > Encryption: Certificates > Security Devices

richardlvance 0 solutions 3 answers

My CAC reader is installed on the system. The card is in place and logged in. It works everywhere except Firefox. Going back to Chrome.