Keeping Certificates Up to Date

Created On
Last Updated On
byDave Lebbing
You are here:

Twocanoes is developing tools to help users of Smart Card Utility stay updated on the certificates required by certain Department of Defense (DoD) websites. Currently Twocanoes provides a certificate profile with content sourced from militarycac.com. Over time, however, this information becomes out of date and requires creating a new certificate profile and alerting Smart Card Utility users to install it.

We are currently developing a service that automatically checks for new content published on dod.cyber.mil, creates a new certificate profile when this changes, and alerts Smart Card Utility users that a new certificate profile is available to install and stay up to date.

To verify the output of this new service, we are currently comparing the performance of the existing certificate profile to a new one.

2022-06-28-DoDCertsProfile

2023-02-08-DoDCertsProfile

The 2022-06-28 version here is the same as the current content from militarycac.com. The 2023-02-08 version is the updated content to compare.

To use either version, download the file using the links provided, then find the downloaded file and install it. Installing either one will replace the former version installed.

If any issues are encountered after installing the 2023 version, check if the issue can be resolved by installing the 2022 version. If the 2022 version resolves the issue there may be a certificate that the 2023 version is not currently providing. Twocanoes provides a free iOS app called SSL Detective that can be used to view information on what certificate is missing when a certificate error occurs.

Twocanoes will use any feedback received on certificates needed for DoD websites to improve this new service. Then once released, a new version of Smart Card Utility will send a notification as soon as new certificate content is available.

Certificate List Comparison

Below are lists of the certificates included in these certificate profiles. The test version (2023-02-08) intentionally removes the certificates from the militarycac.com source that have expired, and for which dod.cyber.mil has not published a replacement.

2022-06-28 Certificate Profile

  1. DOD DERILITY CA-1
  2. DOD EMAIL CA-49
  3. DOD EMAIL CA-50
  4. DOD EMAIL CA-51
  5. DOD EMAIL CA-52
  6. DOD EMAIL CA-59
  7. DOD EMAIL CA-62
  8. DOD EMAIL CA-63
  9. DOD EMAIL CA-64
  10. DOD EMAIL CA-65
  11. DOD ID CA-49
  12. DOD ID CA-50
  13. DOD ID CA-51
  14. DOD ID CA-52
  15. DOD ID CA-59
  16. DOD ID CA-62
  17. DOD ID CA-63
  18. DOD ID CA-64
  19. DOD ID CA-65
  20. DOD SW CA-53
  21. DOD SW CA-54
  22. DOD SW CA-55
  23. DOD SW CA-56
  24. DOD SW CA-57
  25. DOD SW CA-58
  26. DOD SW CA-60
  27. DOD SW CA-61
  28. DOD SW CA-66
  29. DOD SW CA-67
  30. DOD SW CA-68
  31. DOD SW CA-69
  32. DoDRoot3
  33. DoDRoot4
  34. DoDRoot5

2023-02-08 Certificate Profile

  1. DOD DERILITY CA-1
  2. DOD EMAIL CA-59
  3. DOD EMAIL CA-62
  4. DOD EMAIL CA-63
  5. DOD EMAIL CA-64
  6. DOD EMAIL CA-65
  7. DOD ID CA-59
  8. DOD ID CA-62
  9. DOD ID CA-63
  10. DOD ID CA-64
  11. DOD ID CA-65
  12. DOD SW CA-60
  13. DOD SW CA-61
  14. DOD SW CA-66
  15. DOD SW CA-67
  16. DOD SW CA-68
  17. DOD SW CA-69
  18. DoD Root CA 3
  19. DoD Root CA 4
  20. DoD Root CA 5
Tags: