Search Support

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Confirm security exceptions is not working after update to 3.6.

more options

After update to 3.6 none of the certificates are being authorized for https: dod sites. When I try to trust the certificates by using an exception nothing happens.

URL of affected sites

https://www.dmdc.osd.mil/swg/owa/DMDC.HOME

All Replies (6)

more options

You need to install the DoD root (Class 3 Root and Root CA-2) certificates

  1. http://dodpki.c3pki.den.disa.mil/
  2. http://militarycac.com/dodcerts.htm
more options

I went through the process of installing the cert but they do not show up in the certificate list. The pop up for trusting the CA comes up then they do not appear in the list.

more options

You need to look at "U.S. Government" in the certificate list for the DoD certificates.

more options

There is not even a U.S. Government category on my list of certificates. Safari is working fine for the same sites but is not supported on others. So between the two I was able to finish what I was working on. Would be nice if Firefox would work properly.

more options

Did you import the DOD root certificates?

Firefox > Preferences > Advanced : Encryption: Certificates

more options

Here are the instructions on how to load the DoD certificates/authorities to Firefox:

  • To import DoD Root CA certificates:

+Using Firefox, navigate to http://dodpki.c3pki.chamb.disa.mil/rootca.html +Click on the first link labeled "Download Class 3 Root CA Certificate" +and click on the "View Button". -Ensure that the SHA1 Fingerprint shown at the bottom matches the below: 10:F1:93:F3:40:AC:91:D6:DE:5F:1E:DC:00:62:47:C4:F2:5D:96:71 -!!! If it does not match, do not install the certificate !!! -If it does match, click on the "Close" button, check the first two check boxes and click "OK" - you may receive some errors for certificates that have expired, just click "OK" to continue.

+Follow the same procedures to download and install the DoD Root CA 2 +and External Certification Authority (ECA) Root CA certificates by clicking on the appropriate links and verifying the certificates by confirming the SHA1 Fingerprint matches the below:

-DoD Root CA 2 Fingerprint: 8C:94:1B:34:EA:1E:A6:ED:9A:E2:BC:54:CF:68:72:52:B4:C9:B5:61 -ECA Root CA Fingerprint: 3A:32:EF:7B:9A:B8:36:F8:37:18:1A:4C:EF:A3:55:C6:46:67:AC:BF

Once loaded they will show-up under U.S. Government, for some reason Firefox does not read these certificates/authorities from KeyChain Access same as Safari.