IAD.gov

Accessing Protected Web Sites

How are certificates used with this site and other protected IAD web sites?

Parts of this web site are protected and can only be accessed if you have a DoD Public Key Infrastructure (PKI) or Common Access Cards (CAC) correctly installed in your browser. They are marked with a key icon . Portions of other IAD web sites also require PKI/CAC certificates for access. Explicit instructions for joining other IAD web sites are outlined in the FAQ for each site. Currently, there are no requirements for joining this site; your certificate will automatically be recognized if it is correctly installed in your browser. If need information about obtaining a certificates, see DoD PKI/CAC Certificates.

Are you getting a site certificate error when trying to access a protected web site?

Portions of this web site use SSL protection to help secure our content. Access to these areas require that a site security certificate is loaded into your browser. Other areas can only be accessed if you have a DoD Public Key Infrastructure (PKI) or Common Access Cards (CAC) correctly installed in your browser. Portions of other IAD web sites also require PKI/CAC certificates for access. Access to these sites and pages requires both your personal certificate and site security certificate. There are two ways to avoid site certificate error messages:

Add an exception for the web site (Mozilla Firefox only) or create a Trusted Site (IE only).
Import a DoD Root CA 2 Certificate (preferred).

While adding an exception is the faster, easier process, you might have to repeat the process for multiple protected DoD web sites. Importing the DoD Root CA 2 Certificate will take about 2 minutes, but it is the more thorough solution. You should only have to import it once per browser.

You may see some other messages, usually alerts, rather than error messages, even when everything is installed correctly.

Other Common Error Messages

For guided step-by-step procedures, download the document version of this pageLoading Certificates on Protected Web Sites . This document also includes step-by-step procedures for installing your DoD PKI Certificate, which are not covered on this page.

1. Add Exception/Create Trusted Site

Add an Exception (Mozilla Firefox only)
If you receive a Secure Connection Failed message in Mozilla Firefox, you have the option of simply adding an Exception, thereby making it a Trusted Site. To do so, complete the following steps:
1. On the error window, click Or you can add an exception; the page reloads.
2. Click Add Exception; the Add Security Exception window opens.
3. Click Get Certificate; the window reloads.
4. Check the Permanently store this exception box; then click Confirm Security Exception.
Create a Trusted Site (IE only)
In IE, you may receive an error message stating that there is a problem with this website's security certificate. You have the option of making it this site a Trusted Site. To do so, complete the following steps:
1. Go to Tools > Internet Options.
2. Select the Security tab.
3. Click Trusted Sites.
4. To create a Trusted Site, click Sites; the Trusted Sites window opens.
5. Enter the URL of the desired site.
6. Click Add. The site is listed in the Trusted Sites box.
7. Check Require server verification (https:) for all sites in this zone.

2. Import a DoD Root CA 2 Certificate

Loading the Site Certificate into Internet Explorer
1. Open Internet Explorer.
2. Navigate to: http://dodpki.c3pki.chamb.disa.mil/rootca.html.
3. Select Download Root CA 2 Certificate; the Downloading Certificate window appears. If, however, a File Download window appears, skip to Step 7.
4. Select all three check boxes and click OK.
5. Close and re-open your browser.
6. Test the import by navigating to https://www.iad.gov/events/conferences/register/LoginType.cfm. If successful, you will not see a pop-up window.
7. If a File Download window appears, click Save. Select a download location. Keep the default name. Click Save. When the file is saved, click Close. (Window may close automatically.)
8. Select Tools > Internet Options.
9. Click the Content tab, and then the Certificates button; the Certificates window opens.
10. Click the Import button; the Certificate Import Wizard opens.
11. Click Next; the page reloads.
12. Click Browse.
13. Navigate to the directory where you saved the Root CA 2 Certificate.
14. Change the Files of Type option to All Files (*.*).
15. Select the certificate file and click Open; the page reloads and shows the file as selected.
16. Click Next; the page reloads.
17. Select Automatically select the certificate store based on the type of certificate and click Next; the page reloads.
18. Click Finish. You should see a pop-up success message. Click OK. Close any of the remaining option windows.
19. Close and re-open your browser.
20. Test that the import was successful by navigating to https://www.iad.gov/events/conferences/register/LoginType.cfm. If successful, you will not receive a pop-up window, although you may see a Security Alert. Click OK or Yes.
Loading the Site Certificate into Mozilla Firefox
1. Open Mozilla Firefox.
2. Navigate to: http://dodpki.c3pki.chamb.disa.mil/rootca.html.
3. Select Download Root CA 2 Certificate. A File Download window appears.
4. Click Save. Select a download location and click Save. Keep the default name. When the file is saved, click Close. (Window may close automatically.)
5. Select Tools > Options; the Options window opens.
6. Click the Advanced icon; the window reloads.
7. Click the Encryption tab; the window reloads.
8. Click View Certificates; the Certificate Manager window opens.
9. Click Import; the Select File containing CA certificate(s) to import window opens.
10. Navigate to the directory where you saved the Root CA 2 Certificate.
11. Change the Files of type option to All Files (*.*).
12. Select the certificate file and click Open. The certificate is downloaded. Click View; the page reloads and shows the file as selected.
13. If prompted, enter the password you used for your individual DOD PKI certificate.
14. When finished, close and re-open your browser.
15. Test that the import was successful by navigating to https://www.iad.gov/events/conferences/register/LoginType.cfm. If successful, you will not receive a pop-up window, although you may see a Security Alert. Click OK or Yes.

3. Other Common Error Messages

Switching from HTTP to HTTPS Pages with IE
If you enter the site URL starting with http, instead of https, or if the page you're coming from had a URL starting with http and the link to the secure site was coded with a relative link, you may see a security warning. Select Yes to proceed.
Accessing a Protected Site with IE
When opening the site in IE, you may be asked to confirm that it's OK to go to a secure site. You may then have to identify your certificate. You may also encounter a series of prompts. On the first screen, select Continue to this website. On the following screens, select Yes or OK as prompted