The steps for configuring Client side SSL (CSSL) for a SecureAuth appliance setup to validate CAC or PIV Cards
- Download root/intermediate DOD certificates.
- Install certificates as administrator.
- Verify installation of certificates into local computers cert store (not users)
Installing DOD Certificates
When SecureAuth prompts for a CAC or PIV certificate your webserver is actually matching the client side SSL certificates with the certificates that are installed on your SecureAuth appliance. In order to check these client side certificates we need to install the root and intermediate certificates on the appliance. If you have a specific set of root and intermediate certificates you can install them, if you do not this is the process to install the DOD root and intermediate certificates on the SecureAuth appliance.
1. Open the browser on the server and navigate to militarycac.com's download section HERE
2. Download 'InstallRoot 3.13.1a from MilitaryCAC'
3. You might be prompted to add militarycac.com to your trusted sites to complete the download
4. Click 'Open' so that the file automatically launches
5. Right-click 'InstallRoot_v3.13.1A' and select 'Run as administrator'
6. At the security warning click 'Yes'
7. Accept the security warning if prompted
Verify the DOD Certificates were properly installed
1. Click the start menu/SecureAuth/Tools and select 'Certificates Console'
2. Navigate to 'Trusted Root Certification Authorities' and ensure you have the DOD Root CA certificate installed
3. Navigate to 'Intermediate Certificate Authorities' and ensure the intermediate certs are there