Windows!

Disable Ad Blockers
To see all outbound links
Stacks Image 177
To get started with Windows, you will need the following items;

CAC / PIV Card
Smart Card Reader (Hardware)
Smart Card Software / Drivers
Digital Certificates

CAC / PIV Card


Stacks Image 228

Military: For starters you will need your CAC Card. You should setup your appointment via RAPIDS.

Civilian: Your Human Resources / Physical security department within your agency will contact you to get a PIV card. This process is usually started on the completion of the SF-86 within eOPF.

Cac Card Reader

Stacks Image 250
There are a ton of CAC / PIV readers in the market. They range from USB-A (Traditional USB) to USB-C (Common in the latest hardware).

They can be stand alone devices or "built-in" on your USB keyboard. Here are the ones I've tested out.

USB C Card Readers - Common on New Laptops

USB A Card Readers - "Traditional USB"

Keyboards with Card Readers Built In

Digital Certificates (DOD & Civilian)


Stacks Image 514

DOD Certificate Import


The best way to install the DOD certificates is using the InstallRoot 5.2: NIPR Windows Installer

This tool allows users to install DoD production PKI, Joint Interoperability Test Command (JITC) test PKI, and External Certification Authority (ECA) CA certificates into their Windows and Firefox certificate stores. InstallRoot 5.1 is packaged with a command line version as well as an InstallRoot service, which can check for updated Trust Anchor Management Protocol (TAMP) messages that contain the latest certificate information from DoD. The following operating systems are supported: Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

InstallRoot instructions for Internet Explorer & Google Chrome:

Install the ECA PKI CA certificates:
  1. Visit the Tools section on the IASE PKI-PKE website http://iase.disa.mil/pki-pke/Pages/tools.aspx.
  2. Scroll to the "Trust Store Management" section and find the InstallRoot 3.xx: Windows Installer Application.
  3. Download the MSI into a known location and double click the application to proceed with the installation wizard of InstallRoot GUI.
  4. On the Select Installation Folder screen of the wizard, enter the desired installation location for the tool and click Next. The default path is C:\Program Files\DoD-PKE\InstallRoot 3.xx\. On 64-bit operating systems, the x86 program files directory will be used by default. Click on Finish once the installation wizard completes.
    NOTE: IF THE TOOL IS BEING INSTALLED BY A NON-PRIVILEGED USER, ENSURE THAT A DIRECTORY TO WHICH THE USER HAS WRITE PERMISSIONS IS SELECTED IN THIS STEP
  5. Navigate to the installation directory and execute the InstallRoot 3.xx application. A window screen labeled "InstallRoot – Standard Mode Version 3.xx" will be displayed.
  6. From the options displayed check the box to Install ECA Certificates and the box to Install DoD NIPR Certificates
  7. In the Select Trust Store option, choose the Windows / Internet Explorer option.
    NOTE: GOOGLE CHROME ON WINDOWS BASED OPERATING SYSTEMS USES THE WINDOWS/INTERNET EXPLORER TRUST STORE FOR CERTIFICATE OPERATIONS.
  8. Click on the Install button. Once InstallRoot completes the installation you will receive a message stating the number of certificates that were installed.
  9. You are done; the latest ECA and DoD Certificates should now be installed in the Windows/Internet Explorer Trust Store.
  10. For additional guidance on InstallRoot, you may reference the InstallRoot 3.xx: User Guide on the Tools section on the IASE PKI-PKE website.

InstallRoot instructions for Firefox:

Install the ECA PKI CA certificates:
  1. Visit the Tools section on the IASE PKI-PKE website http://iase.disa.mil/pki-pke/Pages/tools.aspx.
  2. Scroll to the "Trust Store Management" section and find the InstallRoot 3.xx: Windows Installer Application.
  3. Download the MSI into a known location and double click the application to proceed with the installation wizard of InstallRoot GUI.
  4. On the Select Installation Folder screen of the wizard, enter the desired installation location for the tool and click Next. The default path is C:\Program Files\DoD-PKE\InstallRoot 3.xx\. On 64-bit operating systems, the x86 program files directory will be used by default. Click on Finish once the installation wizard completes.
    NOTE: IF THE TOOL IS BEING INSTALLED BY A NON-PRIVILEGED USER, ENSURE THAT A DIRECTORY TO WHICH THE USER HAS WRITE PERMISSIONS IS SELECTED IN THIS STEP
  5. Navigate to the installation directory and execute the InstallRoot 3.xx application. A window screen labeled "InstallRoot – Standard Mode Version 3.xx" will be displayed.
  6. From the options displayed check the box to Install ECA Certificates and Install DoD NIPR Certificates.
  7. In the Select Trust Store option, choose the Firefox / Mozilla / Netscape option.
  8. Click on the Install button.
  9. A prompt will display asking the user to select from a list of Firefox user trust stores found on your system. Please allow InstallRoot a few minutes to identify and locate user trust stores on the system in order to display the list. Select the desired user trust store and click OK when prompted.
  10. Once InstallRoot completes the installation you will receive a message stating the number of certificates that were installed.
  11. If Firefox is currently open, close and restart Firefox so the new settings are applied.
  12. You are done; the latest ECA and DoD Certificate should now be installed in the Firefox Trust Store.
  13. For additional guidance on InstallRoot, you may reference the InstallRoot 3.xx: User Guide on the Tools section on the IASE PKI-PKE website.

Civilian Digital Certificate Import

Stacks Image 562
Here are the steps, the digital certificates should be provided to you by your agency. If you are with the DOD, Please check the section above:

Hit Windows Key and Type Cert:
Stacks Image 554
Enable UAC Prompt

On Windows 7 and up, You will most likely get the prompt for User Account Control. Click "Yes" to continue.
Stacks Image 601
Navigate to the folder containing your Certificates

You will have multiple certificates that were provided to you by your agency. They are usually broken down for Authentication, Signing, Encryption (For Outlook etc).

Right click each certificate and select Install (You might have install CRL or CER)
Stacks Image 582
Certificate Import Wizard:

You will get multiple prompts for the Certificate Import Wizard, its pretty much click thru's:
Stacks Image 586
Certificate Store Locations:

I usually select "Automatically … "
Stacks Image 591
Almost Done with the Wizard:

Select "Finish" to complete the import process.
Stacks Image 596
Congrats!

You have officially imported all of your certificates!

Windows Software - Activ Client

Stacks Image 617
The Main Software that is used on Windows with the CAC / PIV Card is called:
ActivClient is the smart card middleware from ActivIdentity that allows government organizations to easily use smart cards and USB tokens for a wide variety of desktop, network security and productivity applications. ActivClient enables usage of PKI certificates and keys, one-time passwords and static passwords on a smart card or USB token to secure desktop applications, network login, remote access, web login, e-mail and electronic transactions.

SCB Solutions is one of the place where you can buy this software. Step by step install of this is coming soon!

Frequently Asked Questions:

Card Blocked?
If you enter the PIN number incorrectly - the card will get blocked.

Unfortunately, this requires a visit to your ID office (RAPIDS. (Real-time Automated Personal Identification System)) to get your card unblocked, updated, or replaced. Please make sure you have the required paperwork to before you are there for this appointment.
How to set Default Applications in Windows 10
If you enter the PIN number incorrectly - the card will get blocked.

Unfortunately, this requires a visit to your ID office (RAPIDS. (Real-time Automated Personal Identification System)) to get your card unblocked, updated, or replaced. Please make sure you have the required paperwork to before you are there for this appointment.
Oberthur CAC Card?
Ensure you have the latest ActivClient Installed: It should be Version 7.1
Adobe Acrobat Reader Problems
Does Windows recognize my Cac Card Reader?