Download DoD root certificates

Export or download the third-party root certificate. How you obtain the party root certificate varies by vendor. The certificate must be in Base64 Encoded X.509 format.

The most current DoD certificates bundles can be downloaded from the DoD Cyber Exchange website. This zip file contains the DoD PKI CA certificates in PKCS#7 certificate bundles containing either Privately Enhanced Mail (PEM)-encoded or Distinguished Encoding Rules (DER)-encoded certificates. Separate PKCS#7 certificate bundles are also included for each root CA, for relying parties who may wish to accept only certificates issued with the key and signature hash combinations (for example, RSA-2048/SHA-256) issued by a given root. Instructions for verifying the integrity of all p7b files using the signed SHA-256 hashes file are included in the README.

To download the DOD root certificates:

Open a web browser and navigate to the DoD Cyber Exchange Public Tools and Configuration Files page.
Under the Tools heading, download the latest PKI CA Certificate Bundles: PKCS#7 For DoD PKI Only - Version 5.6.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Enable smart card logon with third-party certification authorities

Update default domain policy with third party root CAs