Accessing Protected Web Sites

IAD Home

DoD PKI/CAC Certificates

This page provides answers to frequently asked questions about obtaining DoD PKI/CAC Certificates:

Accessing our Site
Obtaining a DoD PKI/CAC Certificate

Certificate FAQ

(U) Accessing our Site

How are certificates used with this site and other protected IAD web sites?
Parts of this web site are protected and can only be accessed if you have a DoD Public Key Infrastructure (PKI) or Common Access Cards (CAC) correctly installed in your browser. They are marked with a key icon . Portions of other IAD web sites also require PKI/CAC certificates for access. Explicit instructions for joining other IAD web sites are outlined in the FAQ for each site. Currently, there are no requirements for joining this site; your certificate will automatically be recognized if it is correctly installed in your browser. If you are having problems with certificates, see Accessing Protected Web Sites.

(U) Obtaining a DoD PKI/CAC Certificate

How do I obtain a DoD PKI client certificate?
This site does not issue certificates, however one is recommended for easier and more secure access.
DOD PKI client certificates include 1 identity, 1 email signature, and 1 email encryption certificate, and may be obtained from the DoD free of charge. DoD PKI certificates are available as software certificates (private keys stored in three .p12 files) or on Common Access Cards (private keys embedded in CAC). DoD Contractors may obtain CACs if their government sponsor deems it necessary.
In order for you to obtain a DOD issued certificate users must fulfill one of three requirements:
- Be active duty, reservist, or a DOD civilian.
- The user must work on site at a military or government installation.
- User is a DOD contractor that works on GFE equipment.
If you do not work on DOD GFE, you will need to obtain IECA client certificates (identity, email signature and email encryption certificate). PKI client certificates issued by IECAs are available as software certificates only. The IECA vendors require payment for PKI client certificates.
How do I obtain a DoD PKI client certificate as a Civilian Contractor?
Software Certificates may be obtained from the DoD if you fulfill one of the requirements listed above. You must contact your Local Registration Authority (LRA). Your DOD sponsor will be able to provide information on contacting your LRA. Obtain a "Certificate Registration Instructions"(CRI) sheet from the LRA. The CRI contains your user number and one time password which you will need to obtain your personal DoD certificate. Provide the LRA:
- Picture form of identification
- A signed PKI User Responsibility Form
Your LRA may request that you complete DD Form 2842. If so, please read the DD Form 2842 Instructions.
If you do not fulfill one of the above requirements, an IECA/ECA certificate must be purchased from one of the three DOD approved vendors. More information is listed IECA/ECA certificates.
Hardware Certificates in the form of a CAC may be obtained by DoD Contractors if their government sponsor deems it necessary. Use the link listed below to determine the nearest DEERS/RAPIDS office.
How do I obtain a Common Access Card (CAC)?
To obtain a Common Access Card (CAC), contact DEERS/RAPIDS personnel. To locate the nearest DEERS/RAPIDS office (1-800-372-7437), visit the RAPIDS Site Locator (accessible from all domains) and search by city, state, or zip code.
Please note that a smart card reader and middleware are required for your Operating System to access the CAC PKI certificates. Eligible contractors must complete Section I and have their government sponsor complete Section III of DD Form 1172-2 prior to visiting a DEERS/RAPIDS office.
How do I obtain an IECA/ECA PKI client certificate?
To obtain -Interim- External Certificate Authority (-I-ECA) certificates, visit the IASE External Certificate Authority link (lists the 3 steps to obtain an -I-ECA certificate).