How do I get my CAC certificates?

How do I get my CAC certificates?

You can get started using your CAC by following these basic steps:

  1. Get a card reader.
  2. Install middleware, if necessary.
  3. Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator).
  4. Make certificates available to your operating system and/or browser, if necessary.

How do I fix my CAC certificates?

If you are trying to authenticate with your CAC, please clear your SSL sessions. In IE go to the Tools-Internet options. Select the content tab and press the “Clear SSL State button.” If this does not work or you are unable to complete this close all open browser windows and try again.

How do I download DoD CAC certificates?


  1. Download the DoD Root CA 3 cert here: DoD Root CA 3.
  2. Click Allow to download configuration profile.
  3. Go to Settings > General > Profiles and Device Management and tap on DoD Root CA 3.
  4. Tap Install and enter your passcode if asked.
  5. Tap Install 2x to install certificate.
  6. Tap Done on top right.

What certificates are on a CAC card?

CAC is based on X. 509 certificates with software middleware enabling an operating system to interface with the card via a hardware card reader.

How do I get my CAC certificate online?


  1. Go to CAC login portal :
  2. Click on “Sign in”
  3. Enter your username & password and click on “Log In”
  4. Click on “Name Search” tab.
  5. Click on “My Reservation History” tab.
  6. You will see list of your approved business names.
  7. Click on the “Action” button and click on “view payment history”

How do I update my CAC email certificates?

Click the action in the box associated with the CAC that you want to update.

  1. Click Proceed to continue updating the email address associated with your CAC.
  2. Enter your new email address in the provided text box.
  3. Confirm your email address.
  4. You have the option to check Add PCC on UPN.
  5. Click Next.
  6. Click Yes to continue.

Why is my CAC card certificates revoked?

Error 53 Information: This is usually caused by your certificates being revoked on your CAC. This can be because it is expired, you changed branches of the military (example: Regular Army to Army Reserve), retired, or your contract end date changed for contractors.

How do I get a 509 certificate?

509 certificates for authentication….Using this CA, we can generate a client certificate using openssl .

  1. Create the client key. Keep this file safe!
  2. Generate a certificate signing request for the server.
  3. Use the CA to sign the server’s request.
  4. (Optional) Format the client certificate into browser importable form.

How are x509 certificates validated?

509 verification process, each certificate must be signed by the same issuer CA named in its certificate. The client must be able to follow a hierarchical path of certification that recursively links back to at least one root CA listed in the client’s trust store.