Avatar for Username

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

How do I install DOD root certificates in linux?

  • 3 replies
  • 2 have this problem
  • 52 views
  • Last reply by cor-el

CalebW
CalebW

I need to access this site: https://www.netfocus.netc.navy.mil/nrotc/candidate_app/Login.aspx in order to apply for the NROTC scholarship. I had previously been able to access this site last year, however, I updated firefox and all I get is a "Secure Connection Failed" error now. Well when I try to install the DOD Root CA Certificates at this site: http://dodpki.c3pki.chamb.disa.mil/rootca.html I get a never ending alert that say "This certificate can't be verified and will not be imported". What do I need to do in order to install this? I really need to access the first website.

I need to access this site: https://www.netfocus.netc.navy.mil/nrotc/candidate_app/Login.aspx in order to apply for the NROTC scholarship. I had previously been able to access this site last year, however, I updated firefox and all I get is a "Secure Connection Failed" error now. Well when I try to install the DOD Root CA Certificates at this site: http://dodpki.c3pki.chamb.disa.mil/rootca.html I get a never ending alert that say "This certificate can't be verified and will not be imported". What do I need to do in order to install this? I really need to access the first website.

Chosen solution

The site seems to be using TLS 1.0 It work if I add the domain to the whitelist.

The website may try to fallback to a lower TLS version in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (www.netfocus.netc.navy.mil) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).

If this helps then you can contact this website and ask them to look into this and update their security.

Read this answer in context 👍 1

All Replies (3)

cor-el
cor-el
  • Top 25 Contributor
  • Moderator

See download dod_configuration-1.3.7.xpi:

Modified by cor-el

CalebW
CalebW Question owner

cor-el said

See download dod_configuration-1.3.7.xpi:

I installed it, however, after I ran "Update DOD Certs" the certs were not included in my certificate list and I am still unable to access the site.

cor-el
cor-el
  • Top 25 Contributor
  • Moderator

Chosen Solution

The site seems to be using TLS 1.0 It work if I add the domain to the whitelist.

The website may try to fallback to a lower TLS version in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add the full domain (www.netfocus.netc.navy.mil) to the value of this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). There should only be domains separated by a comma in the Value column (example.com,www.example.com).

If this helps then you can contact this website and ask them to look into this and update their security.