Information
This policy setting ensures that the US DoD Combined Communications-Electronics Board (CCEB) Interoperability Root CA cross-certificates are installed in the Untrusted Certificate Store on unclassified systems.
The STIG recommended state for this setting is: DoD Root CA 3 - US DoD CCEB Interoperability Root CA 2 - 9B74964506C7ED9138070D08D5F8B969866560C8
If the Interoperability Root CA cross-certificates are not installed in the Untrusted Certificates Store users may experience denial of service when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CAs.
Note: This requirement only applies to unclassified systems.
Solution
Install the following DoD Root CA certificates in the
Untrusted Certificates Store
:
DoD Root CA 3 - US DoD CCEB Interoperability Root CA 2 - 9B74964506C7ED9138070D08D5F8B969866560C8
Note: The InstallRoot tool is available on IASE at
http://iase.disa.mil/pki-pke/Pages/tools.aspx
.
Note #2: The Certificate Store can be loaded by executing the
Microsoft Management Console (MMC)
and loading the
Certificates
snap-in.
Impact:
N/A