Posted on Jun 18, 2018
CPT Plans Officer (S5)
46.1K
33
10
9
9
0
With all the money DoD spends on these websites, you'd think that they'd be able to figure out a solution to this situation. Why do they have to make it additionally hard for you to access almost all .mil websites by clicking "continue anyway"? Even then sometimes it doesn't work and I can't access the website from home, such as MEDPROS or AIM2.
Avatar feed
Responses: 5
SGT Signal Support Systems Specialist
9
9
0
DoD's Root Certificate Authority (CA) is not published to the public, it only available with in DISN (DoD Information Systems Network). So when you are visiting a DoD sponsored website like MEDPROS, or AIM2 from the out side of DISN (public ISP (Internet Service Provider), or internet). You have to force the browser to trust the unverified digital certificate. Or you can manually install the DoD Root certificates, which you can get from AKO.
(9)
Comment
(0)
Avatar small
SGT Joseph Gunderson
4
4
0
military sites utilize a different kind of security certificate that most web browsers, unless you have downloaded certain plugins, won't recognize. It isn't that the site is actually insecure rather you browser thinks that it is because it doesn't understand the codes.
(4)
Comment
(0)
SGT Joseph Gunderson
SGT Joseph Gunderson
>1 y
SFC Shirley Whitfield - AKO used to have a way to download the proper certificates but I cannot for the life of me remember how to do it nor do I know if they still provide them.
(1)
Reply
(0)
SGT Signal Support Systems Specialist
SGT (Join to see)
>1 y
Below is a link to AKO CAC Resource Center. (AKO Home > AKO CAC Reference Center > CAC Reference Center)
https://www.ako1.us.army.mil/suite/designer
There are also a way for you can download the latest DoD Root Cert from DISA Site.
https://iase.disa.mil/pki-pke/Pages/index.aspx
(3)
Reply
(0)
Jessica Peyton
Jessica Peyton
5 y
This is helpful info, but of course I can't even reach those sites to download the certificate because they are .mil too.... Maybe I'll try a different browser.
(0)
Reply
(0)
SGT Joseph Gunderson
SGT Joseph Gunderson
5 y
Jessica Peyton - Google Chrome always worked for me.
(1)
Reply
(0)
Avatar small
SGM Bill Frazer
2
2
0
I would expect an O2 to think better- hell sir, the attempts to hack into the Govt is staggering- and DOD, etc., are quite frequently penetrated.
(2)
Comment
(0)
Russell Butler
Russell Butler
>1 y
Actually SGM, this particular problem generally adds no security. PKI is designed for public keys to be available in situations like this and trusted by users according to their preference. In fact any of the sites that you can reach that give this error will have the x.509 public key cert available to download if the site is working properly and could be used to create this trust on the users computer. The real issue is lack of information. All the root certs are available from DISA rather than distributed by the software vendor partnership programs like most big CA providers. The other issue that is related to his second problem of not being able to get into sites has to do with the non-standardization of coding practices and protocols throughout the DoD. This includes enterprise sites that aren't up to current security standards that many browsers enforce by default. Don't confuse lack of information and general disorganization for enhanced security. These issues cause problems for legitimate users, but are really no barrier to a legit bad guy.
(3)
Reply
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close