Server Certificates
Certificate Authority (CA) Root Certificates

Note: These certificates are updated (roughly) annually and the new ones must be re-installed on your server manually. The CA Root Certificates are usually provided to you by your card issuer. The public DoD Cyber Exchange also has them available. Once you've downloaded the certificates, they need to be placed on the server, unzipped, converted to PEM encoding and bundled into a single file.

    CustomLog logs/ssl_client_request_log "%h %l %u %t %x"
    # These directives should already be set.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # There should already be a SSLCertificateFile and SSLCertificateKeyFile for your server certificates
    SSLCertificateKeyFile /etc/pki/tls/private/
    SSLCACertificateFile /etc/pki/tls/certs/DoD_CAs.pem
Note: You may already have these installed. The current, recommended method for installing the DoD certificates locally is by using the InstallRoot Tool provided by the DoD. They also provide a full User Guide with installation instructions.
The steps necessary to enable CAC authentication in PCR-360 are as follows:
When a User swipes their CAC, this information is transmitted to the application in the form of a Common Name (CN). The web server is configured to enable X509 certificate-based authentication. X509 certificates are files that prove that the User is who they claim to be. The CAC contains one or more of these certificates and presents them to the web server when the User logs in. The first is the X509 certificate file, which is issued to every User by the DoD Certificate Authority (CA). For CAC, this file comes from the DoD and gets refreshed on a regular basis. These CA files are installed on the web server and let us know if the User can be trusted or not.

Note: The links contained herein were current at the time this document was published. Professional Computing Resources, Inc (PCR) does not control them and they are subject to change.
Users are identified with a special 10-digit identifier provided by the DoD called the Electronic Data Interchange Personal Identifier (EDIPI). The EDIPI is a unique number assigned to each User.
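The following is an added example, not part of the original page and not PCR-360's own code, of how an application behind the web server could turn the CN into an EDIPI. It assumes Apache mod_ssl exports `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN_CN` to the application and that the CN ends in a dot followed by the 10-digit EDIPI; the function names and sample values are hypothetical.

```python
import re

# Assumption: the CAC Common Name looks like LAST.FIRST[.MIDDLE].<10-digit EDIPI>.
_CN_WITH_EDIPI = re.compile(r".+\.([0-9]{10})")


class CacAuthError(Exception):
    """The request does not carry a usable, verified CAC identity."""


def edipi_from_request(environ):
    """Return the EDIPI from a verified client certificate, or raise CacAuthError.

    `environ` is the CGI/WSGI-style variable map filled in by the web server.
    """
    # Trust the CN only if the web server validated the certificate chain
    # against the CA bundle (SSLCACertificateFile).
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        raise CacAuthError("client certificate not verified by the web server")

    cn = environ.get("SSL_CLIENT_S_DN_CN", "")
    # fullmatch rejects trailing newlines and anything after the ten digits.
    match = _CN_WITH_EDIPI.fullmatch(cn)
    if match is None:
        raise CacAuthError("CN does not end in a 10-digit EDIPI")
    return match.group(1)


def lookup_user(environ, users_by_edipi):
    """Map the request to an account keyed by EDIPI rather than by name."""
    edipi = edipi_from_request(environ)
    if edipi not in users_by_edipi:
        raise CacAuthError("no account for this EDIPI")
    return users_by_edipi[edipi]


# Constructed sample data: the name, number and account are made up.
SAMPLE_USERS = {"1234567890": "jdoe"}
SAMPLE_REQUEST = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN_CN": "DOE.JOHN.Q.1234567890",
}

if __name__ == "__main__":
    print(lookup_user(SAMPLE_REQUEST, SAMPLE_USERS))
```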