Search MilitaryCAC:

Site Map logo

.com | .us | .ml  | .mobi | .net | .org

The Definitive Source for Everything CAC

Common Access Card help for your
ersonal Computer

Also available at:

Please ShareThis website with your friends and colleagues

Make a Donation button image




STEP 3:  INSTALL the Department of Defense (DoD) CERTIFICATES

Installation Steps

Step 1: Obtain a CAC Reader
Step 2: CAC Reader driver
Step 3: DoD Certificates
Step 4: ActivClient
Step 4a: Update ActivClient
Step 5: IE adjustments
Log into a CAC enabled website now


InstallRoot automates the install of the DoD Root certificates onto your Windows computer


If you want to access DoD websites from your Windows computer, you need this file.  You may need to reinstall them if the CAC enabled web site won't load, the website you are visiting is prompting you with the message there is a problem with the website's Security Certificate / site is not trusted, you have received a new CAC, or your DoD website worked up until recently and doesn't now.


 Apple computer users follow these instructions


Windows RT users follow these instructions


If you already have InstallRoot 4.1, 5.0, or 5.0.1 installed, there is no need to install it again, go here to see the process of updating your certificates.


Download InstallRoot 5.0.1 from:

MilitaryCAC (.msi version),

MilitaryCAC (.zip version),

AKO (.msi version), or

DISA (.msi version)


(It is the same file [except for .zip version] from 3 different locations, in the event a link doesn't work)




Select Next >



Select Next >


Select Next >


Select Install


Wait for it


You may need to Select Yes



Select Run InstallRoot


InstallRoot 4.1

Double click shortcut on your desktop (if you selected Close) Your icon may have a different number than 4.1


InstallRoot 4.1 

Click Install Certificates

If you have Firefox installed, you may see 2 or 3 tabs


Security Warning

Select Yes, (this screen may show 2 - 3 times) as it is installing the DoD Root CA 2, 3, & 4 certificates


Select OK (your number of Adds will vary)



How to verify you have the certificates installed


Internet Options

Open Internet Explorer, Select Tools (Gear), Internet Options



Select Content (tab), Certificates (button)



Intermediate Certification Authorities (tab) scroll down the Issued To column to the letters DOD to verify you have:

DOD CA-27 through DOD CA-32


Email 27-34




 DOD EMAIL CA 39 through DOD EMAIL CA 44



 DOD ID CA-33 through DOD ID CA-34



DOD ID CA-39 through DOD ID CA-44


ID SW 35-38

DOD ID SW CA-35 through DOD ID SW CA-38




DOD ID SW CA-45 through 48

DOD ID SW CA-45 through DOD ID SW CA-48


also verify the Root certs installed (as sometimes the Antivirus program doesn't allow these to be installed)


DoD Root CA2-CA4

Open the Trusted Root Certification Authorities (tab) verify you have:

DoD Root CA 2 through DoD Root CA 4, and DST Root CA X3


 flag bar


If you see "There is a problem with this website's security certificate" after installing the DoD InstallRoot file or the Red Certificate error below, follow this guide

Security Error

Certificate Error






Download and run the Cross Cert Remover tool


You can install both the InstallRoot and the Cross Cert Removal tool in one single file which was created by NETCOM (Army Network Enterprise Technology COMmand)

This file is created for Home Users ONLY, you can download it from: 


flag bar


A certificate is a digital document providing the identity of a Web site or individuals.  DoD Web sites use a certificate to identify themselves to their users and to enable secure connections.  If you are receiving a warning that a site is untrusted / insecure, you will need to install the "DoD Certificates."  In order to access sites enabled with a DoD PKI certificate without being prompted to accept the DoD Certificate chain at each log on [like Firefox and Safari do], people using Internet Explorer and Chrome should install the certificates.  These are separate from the personal certificates that are on your CAC, but they are related.



Root Certificates


How can you (or your web server) trust the identity of someone over the network?  An infrastructure of trusted third parties has been put in place to distribute trust between end-users.  This infrastructure verifies that we are who we say we are.  If we trust the DoD PKI infrastructure, then the infrastructure can vouch for us to trust others that have certificates issued from the DoD PKI.

DoD Root Hierarchy image

Click to see full size image


The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities.  If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates.


Fed Cross Cert image 

More information about this image can be found here:



If you have questions or suggestions for this site, contact Michael J. Danberry

Are you interested in subscribing to the CACNews email list?



ACRONYM Reference Page


GoDaddy Site Certified seal


Last Update or Review:  Sunday, 12 February 2017 18:44 hrs


The following domain names all resolve to the same website:,,, &