Install Root is a tool designed to add ECA and DoD Certificates directly into Firefox user trust stores, allowing CAC enabled websites to load and be recognized without prompting a security warning in Firefox.
By employing this approach, the certificates can also be installed into the operating system root certificate store on device, enabling both File Director and Internet Explorer clients to trust these certificates immediately.
Installation
InstallRoot is a Windows software program that enables users to install all DoD certificates required for secure communications between DoD websites and DCMA, free download from IASE PKI-PKE’s Tools section, using standard Windows computer methods for installing software programs. Once InstallRoot has been successfully installed on your system, a trust store will be created containing all DoD certificates on it.
To install, follow the links for an installer file and double-click to launch the installation wizard. Depending on your operating system, choose from among three installation types. 32-bit non-administrator installations may be better suited to older computers without administrator rights and will require helpdesk support, while 64-bit Administrator installers are best for modern machines. When prompted for permission by the installer to make changes on your machine, just answer yes as appropriate.
Once the tool is installed, simply navigate to its directory of origin and run its executable file. A wizard will present various options; on page one choose “Install All Available DoD Certificates.” Once done successfully you may access any DoD websites or DCMA by opening your browser and entering CAC credentials.
To uninstall software, use the Windows Control Panel’s Add/Remove Program feature or Microsoft Management Console’s Certificate Snap-in Management Module’s Remove feature from its File menu. To reinstall certificates, navigate back to where InstallRoot was downloaded and execute its executable again.
Configuration
After installingroot has been successfully installed, a Group Policy can be set up to automatically sync certificates across all domain computers. To do this, right-click your domain root Organizational Unit (OU), choose New > Group Policy Object and name it Umbrella Certificate Installer before clicking Finish in Group Policy Object Editor. Afterward, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities, and click Import in GPO Editor.
Troubleshooting
DoD websites utilize certificates to establish secure connections. If your computer won’t load DoD websites or DCMA is showing security certificate errors, reinstalling certificates could be the solution. DISA created a program called Windows Certificate Installer which will install all the certificates needed to access DoD websites; you can also manually install them using MMC console’s Certificates expand and Import Certificate Wizard instructions.
Removal
Root certificates are digital documents that validate the identity of domains, organizations, or websites and allow web browsers to trust those visits over secure connections. Therefore it’s crucial that all root certificates remain up-to-date as changes occur – for instance when one certificate becomes compromised and its root certificate removed from its chain, browsers no longer trust it – although doing this may prove challenging as other certificates in its chain might also reference it and must also be updated as part of this process.
InstallRoot provides users with administrative privileges with the tools needed to perform various actions with certificate stores, certificate groups and individual certificates. The user interface features tabs displaying Managed Certificate Stores as well as Certificate Groups that contain expandable listings of certificates within that group. In addition, each tab features buttons that facilitate performing various actions with certificates or groups displayed therein.
When accessed by users with administrative privileges, the UI will check for and download InstallRoot TAMP messages at an interval that can be customized via Perform online update after setting. These TAMP messages serve to update trust stores of certificates installed via InstallRoot’s Windows service; users with administrative rights can start or stop this service using Play and Stop buttons respectively.
The UI also includes options for managing preferences and customizing Windows service, such as starting and stopping automatically upon system start-up (which you can enable or disable as desired). Other preferences that can be altered include changing where installroot directories and passwords reside as well as timeout periods after which applications automatically close themselves off. It is even possible to change dnf command’s repository defaults as well as specify an alias for repolist that will provide more comprehensive results than standard repolist command.