Security certificate

Q4: “There is a problem with this website security certificate” error. Your options are listed as “Click here to close this webpage” or “Continue to this website” where it states it is not recommended
A4: Latest DoD Certificates are needed

Installation Steps
Step 1: Obtain a CAC Reader by going to caccards.com. We recommend the SCM SCR331 here.
Step 2: CAC Reader driver / Video
Step 3: DoD Certificates / Video
Step 4: ActivClient / Video
Step 5: Lotus Forms / Video
Step 6: ApproveIt / Video

InstallRoot installs the DoD Root certificates into Microsoft products. Note: Home users “should not” need administrative rights to run this program. Sometimes you may have to save the file to your computer, then right click it and click Run as Administrator. Government owned computers may require admin rights.

If the website you are visiting is prompting you that the site is not trusted, or your DoD website worked up until recently and doesn’t now, you need to update your DoD certificates.

Apple computers DO NOT NEED this file

STEP 2: INSTALLING / UPDATING THE CAC READER DRIVER

Plug your CAC reader into your computer before proceeding

Vista & 7: Right click Computer, select Properties, Device Manager link (upper left corner of the screen), scroll down to Smart card readers, select the little triangle next to it to open it up. If your smart card reader is already listed, you can go to the next step of installing the DoD certificates. NOTE: If you can’t find it, you can also click Start, In the Start Search line type in: devmgmt.msc.

XP: Right click My Computer, select Properties, Hardware tab, Device Manager button, scroll down to Smart card readers, select the + next to it to open it up. If your smart card reader is already listed, you can go to the next step of installing the DoD certificates.

STEP 3: INSTALL the Department of Defense (DoD) CERTIFICATES

InstallRoot installs the DoD Root certificates into Microsoft products. Note: Home users “should not” need administrative rights to run this program. Sometimes you may have to save the file to your computer, then right click it and click Run as Administrator. Government owned computers may require admin rights.

If the website you are visiting is prompting you that the site is not trusted, or your DoD website worked up until recently and doesn’t now, you need to update your DoD certificates.

Apple computers DO NOT NEED this file

DOD InstallRoot 3.15a was issued on 16 September 2011

Download InstallRoot 3.15a

(Look at bold sentence below hashes IF your Internet Exploer 9 won’t let you download / run the file above)
MD5 Hash 6B16C909B1857422C2374A7023E8288C
SHA1 Hash 04D4DD1BDC9FE6609D238F5C69EAA68C2EDB99F5

Download a program like Hash Tab utility to verify the InstallRoot 3.15A download above

If IE9 won’t let you download / install the program, download this zip file and run the InstallRoot_v3.15A.exe file inside it.

Select Run when prompted to Run or Save the file, you will see a black DOS screen show on your screen, and have words scrolling in it. When it goes away, you have just installed the DoD certificates on your computer. (This is the easiest portion of the software install).
NOTE: Windows Vista & 7 may show a message that the file might not have installed correctly. Select “This program installed correctly.”

PROCEED TO STEP 4 – INSTALL ACTIVCLIENT

Alternate download links for the DoD certificates:

Your Internet Explorer may prompt you with a banner stating it blocked this site from downloading files to your computer. Click the box for the option to Download File. Nothing will happen, now go back and click the link again above. Now it will give you the option to Run, Save, or Cancel.

-or-

The DoD PKE (Public Key Enablement) website

http://iase.disa.mil/pki-pke/function_pages/tools.html
Click on: InstallRoot 3.15 A, then click on (ZIP Download) Size: 240KB. Save it to your computer, then double click the folder titled: unclass_installroot_v3.15a.zip, open: InstallRoot_v3.15A, Windows, then run InstallRoot_v3.15A.exe. Now you have the same file as above.

-or-

Navy Information Assurance website

https://infosec.nmci.navy.mil/PKI/installroot_v3.15a.exe (Requires CAC)
Select Run when prompted to Run or Save the file, you will see a black DOS screen show on your screen, and have words scrolling in it. When it goes away, you have just installed the DoD certificates on your computer.
NOTE: Windows Vista & 7 may show a message that the file might not have installed correctly. Select “This program installed correctly.”

-or-

STILL VERSION 3.13A: The DoD PKE public site: https://www.dodpke.com/InstallRoot/ has the DoD Certificates.
Right click, Save target as on the InstallRoot 3.13A.zip file to a location of your choice. Once it is downloaded, go to the location you just downloaded it to. Right click the zip file and select Extract all. Pay close attention to where it wants to save the file to, it will create a folder where it will extract the files into. NOW double click InstallRoot_v3.13A.exe file. It will be the one that is 313KB in size and file type will be Application.

Information:
A certificate is a digital document providing the identity of a Web site or individuals. DoD Web sites use a certificate to identify themselves to their users and to enable secure connections. If you are receiving a warning that a site is untrusted / insecure, you will need to install the “DoD Certificates.” In order to access sites enabled with a DoD PKI certificate without being prompted to accept the DoD Certificate chain at each log on [like Firefox and Safari do], people using Internet Explorer and Chrome should install the certificates. These are separate from the personal certificates that are on the CAC itself.

Root Certificates (Information received from https://infosec.nmci.navy.mil )

How can you (or your webserver) trust the identity of someone over the network? An infrastructure of trusted third parties has been put in place to distribute trust between end-users. This infrastructure verifies that we are who we say we are. If we trust the DoD PKI infrastructure, then the infrastructure can vouch for us to trust others that have certificates issued from the DoD PKI.

DoD Root Hierarchy image

Click to see full size image

The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities. If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates.

If it did not install correctly… Try this first: Go to Device Manager (Instructions are above), scroll down to Smart Card readers, right click the CAC reader that shows up below Smart Card Readers. It could also be under unknown devices. Select Uninstall. It will give you a message. Once it is uninstalled, unplug the reader from your computer. Wait a few moments, then plug it back in. It “should start to install itself. If that doesn’t work, keep reading for other ideas below.

STEP 4: ARMY ACTIVCLIENT 6.2.0.50 INSTALL PAGE (Everyone other than Army, look below)
(THIS SOFTWARE ALLOWS YOUR READER TO “COMMUNICATE” WITH WINDOWS)

Download links on this page are for Army personnel ONLY

IF you are NOT in the Army, click here or scroll to the bottom of this page for your download information / links

NOTE: If you are looking for the 6.2.0.119 version of ActivClient, you need to know that it is a hotfix to previous versions. So, you need to download the 6.2.0.50 below, then use the hotfix to update ActivClient to 6.2.0.119.

WINDOWS 7 USERS:

NEWS: Is your CAC a: “Gemalto TOP DL GX4 144″ or “Oberthur ID One 128 v5.5 Dual”)? If you have Windows 7, you “may” be able to use your CAC without installing ActivClient.

  1. Gemalto Top GL 144 CAC image Oberthur 5.5 CAC image
  2. If you only need the ability to logon to CAC enabled sites, consider using LPS (Lightweight Portable Security) The ability to complete and digitally sign forms does not exist via this method.
  3. Windows 7 (32bit), Vista (32bit), & XP Army users download ActivClient 6.2.0.50 from:
  4. https://www.us.army.mil/suite/folder/21154519
  5. Click on the link titled: ActivClient CAC x86 62050 (15,222.5 KB .msi file) select Save (save it to your computer), then follow installation instructions below.
  6. If you are unsure of which version of Windows 7, Vista, or XP you have, look below:
  7. Windows 7 (64 bit) and Vista (64 bit) Army users download ActivClient 6.2.0.50 from:
  8. https://www.us.army.mil/suite/folder/21154526
  9. Click on link titled: ActivClient CAC x64 62050 (12,316.5 KB msi file) select Save (save to your computer), then follow installation instructions below.
  10. If you have an Oberthur ID One 128 v5.5 Dual CAC and after installing ActivClient 6.2.0.50, it still doesn’t work, update ActivClient with the latest hotfix.
  11. If you are unsure which version of Windows you have, here is how to find out:
  12. Vista & 7: Right click Computer, select Properties. Look under the System section, System type: it will display either 32 or 64-bit Operating System.
  13. XP: Right click My Computer, Properties. If it doesn’t show 64-bit, you have a 32-bit Operating System.
  14. NOTE: If you have Windows XP (64 bit) be aware that the 64-bit 6.2 version doesn’t seem to work. You will need the 64 bit ActivClient 6.1 AND IF you have the newer CAC, you will need to download the needed update.

ACTIVCLIENT 6.2 INSTALLATION INSTRUCTIONS (for all versions of Windows):

  1. Double click the file you downloaded, select Next
  2. Read, then select “I accept the terms…”, select Next
  3. Verify Typical is selected, select Next, then Install, (It may pause at this screen for a little while, be patient. Windows 7 & Vista may prompt you to allow the following program to install software on this computer?, Select Yes.
  4. Uncheck the Show the readme file box (unless you want to read it). Hit Finish.
  5. NOTE: 64 bit versions of ActivClient usually prompt for a restart of your computer, So, Restart your computer now.
  6. YOU ARE FINISHED (IF YOU ONLY WANT TO BE ABLE TO LOGON TO AKO (or other CAC enabled websites with your CAC).
  7. PROCEED TO STEP 5 – TO INSTALL LOTUS FORMS VIEWER
  8. ACTIVCLIENT INSTALLATION PROBLEMS AND SOLUTIONS
  9. ActivClient 6.2 software update
  10. See how ActivClient works
  11. PLEASE NOTE: The following Operating Systems are listed as NOT SUPPORTED by the ActivClient program above: Windows ME, Windows NT 4, Windows XP Tablet PC Edition or any earlier versions of Microsoft Windows and non-Microsoft OS’

STEP 5: LOTUS FORMS IS THE FORMS PROGRAM CURRENTLY IN USE BY THE ARMY AND AIR FORCE

If you are having problems accessing the Lotus Forms software download link outside of the hours listed above, or are wondering why there is NO alternate Army download location, please read below.

NOTE: If you currently have Pure Edge viewer and ApproveIt installed, I recommend you go into Control Panel and uninstall them. It will drastically speed up the install process below. The Lotus Forms program has the ability to uninstall Pure Edge, but in my assistance to others, it does not work well.

Installation Steps:

  1. Download Lotus Forms 3.5.1.123 from: https://chess.army.mil/ascp/commerce/download/lotus_forms_viewer.jsp
  2. You will be prompted to Accept the conditions that you are logging into an Army / DoD website. Read it then select I Accept.
  3. NOTE: If this is the first time you have been to this website you will have to register.
  4. NOTE2: If the following page does not take you to the page titled Lotus Forms Viewer, you will need to navigate to it via the buttons on the left side of the screen. Click Software, Army Software Downloads, Lotus Forms Viewer.
  5. Click the link titled: Download Software, (you will be prompted to logon with your AKO registered CAC).
  6. Click the Army CAC Logon (button), Enter your CAC PIN.
  7. Click the link titled: Lotus Forms Viewer Application and save it to your computer.
  8. Once it is downloaded, double click the file titled: LotusForms351.exe,

NOTE: When it says it will take a few minutes to install, it really does (one person stated it took 5 hours). Once the little box closes it has finished installing. This program does not tell you it completed.

NOTE: My personal recommendation to verify the software installed is to navigate to Control Panel: Uninstall a program (Windows 7 / Vista), or Programs and Features (Vista), or Add/Remove Programs (XP) look for: IBM Lotus Forms.

Video Installation Instructions

PROCEED TO STEP 6 – INSTALL APPROVE IT

LOTUS FORMS INSTALLATION PROBLEMS AND SOLUTIONS

The ideas on this website are from my personal experience. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306 , Webform, or apdfcmp@conus.army.mil

If you are having problems accessing the CHESS website, contact the CHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday – Friday 0800-1700 Eastern).

To download DA forms, go to the Army Publishing Directorate website http://www.apd.army.mil/ , click on the Forms (tab) DA Forms button. Find the form you want (in the range of form numbers). Right click the XFDL link to the right of the form you want, Select Save Target As. Save it to your computer and you will have the form for later. You can also click the link, it will open up your Lotus Forms or Pure Edge software automatically (only if using Internet Explorer 6, 7, or 8). All other browsers will have to use the Right click, Save As option to save your form.

You can use the following link to download all available Lotus Forms / PureEdge forms in a single zipped file.

http://www.army.mil/usapa/eforms/index.html#eforms_range

It is recommended if you want to use this .zip file [with all the forms], you [at a minimum] re-download the file once a week. This is due to forms being made obsolete, updated, new forms being added, etc. This way you are sure to have the most current version of any form that is available.

  1. You will want to use the “click here” for the XFDL files, which is located in the middle of the page.
  2. Digitally signing a form is easy when following these instructions
  3. With a form open and your CAC inserted in the card reader
  4. Single click the area that looks like a little slanted pen with some writing after it
  5. Read the disclaimer, hit OK
  6. Click the word Sign
  7. Select your name (the one without the word email in it), then OK
  8. You should see your name, once you do, click the word Sign
  9. It will prompt you for your PIN, type it in, then select OK
  10. Once you read Signature is valid, Select OK
  11. You have now signed your form
  12. If the word Sign is GRAY, please look here for some known cures
  13. Are you curious how to change the check marks to X’s on forms?
  14. Open Lotus Forms, click the Preferences button (blue and red O + on it)
  15. Select Advanced Settings
  16. Select the box next to: Use “X” Style Check Boxes
  17. If you are interested in knowing how to digitally sign an Excel or Word 2003 or 2007 file, this is how to do it
  18. This email was received from APD on 25 August 2010 when I asked for permission to have an alternate download location for people when the CHESS website is down.
  19. “In regards to your email, As I am sure you are well aware APD is the Enterprise provider of Lotus Forms Viewer and Silanis ApproveIt software. There are only two channels that are authorized to be the authoritative distributor of the fore mentioned software, 1. AGM (Army Gold Master) for GFE (Government Funded Equipment) installation / use and 2. CHESS (Computer Hardware, Enterprise Software Solutions) for PFE (Personal Funded Equipment) installation / use. APD does not authorize any other body (i.e. AKO files) to distribute its Enterprise Software. Your request to have this software hosted in your files has been dually noted. At this time your request to host / provide the Lotus Forms Viewer and Silanis ApproveIt software is Denied. You will be advised if APD’s stance on this request changes in the future.”
  20. For issues obtaining the software from the CHESS website, utilize the Official Army channels listed below.
  21. The ideas on this website are from my personal experience. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306 , Webform, or apdfcmp@conus.army.mil
  22. If you are having problems accessing the CHESS website, contact the CHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday – Friday 0800-1700 Eastern).
  23. Download the Air Force version of Lotus forms:
  24. http://www.e-publishing.af.mil/shared/media/epubs/resource/LFViewer_3512.zip
  25. NOTE: This new version has toolbar.ifx loaded. Therefore it “should” work for Army users.
  26. Former version that did not include the toolbar.ifx
  27. http://www.e-publishing.af.mil/shared/media/epubs/resource/LFViewer_3551_Public.zip

STEP 6: APPROVEIT ALLOWS ARMY USERS THE ABILITY TO DIGITALLY SIGN FORMS USING YOUR CAC

(The CHESS website has scheduled outages: Saturdays between 0200-0500 EST and the 2nd & 4th Tuesday of the month between 0700-1200 EST)

Please know that on: 1 December 2010, CHESS went to AKO registered CAC ONLY. They are One year ahead of schedule based on this memo.

If you are having problems accessing the ApproveIt software download link below (outside of the hours listed above), or are wondering why there is NO alternate download location, please read below.

Installation Steps:

Preliminary Note: Make sure you have already installed Lotus Forms, and Adobe Reader (9.4 or below) before installing Lotus Forms. If you have Adobe Reader X installed, you will have problems (fix for this)

  1. Download ApproveIt 6.5 from: https://chess.army.mil/ascp/commerce/download/silanis_approveIt.jsp
  2.  You will be prompted to Accept the conditions that you are logging into an Army / DoD website. Read it then select I Accept.
  3. NOTE: If the following page does not take you to the page titled Silanis ApproveIt, you will need to navigate to it via the buttons on the left side of the screen. Click: Software, Army Software Downloads, Silanis ApproveIt.
  4. Click the link titled: Download Software, (you will be prompted to logon with your AKO registered CAC). (The file size is 43.1 MB, so it may take a while to download).
  5. Click the Army CAC Logon (button), Enter your CAC PIN.
  6. Click the link titled: Silanis ApproveIt Desktop Software and save it to your computer.
  7. Once it is downloaded, double click the file titled: ApproveIt_6.5.exe, then select Run
  8. Click the Browse… (button) and select a location like your Desktop or Documents, then select OK, now select Unzip. When you get the little box stating 17 file(s) unzipped successfully select OK. (If you don’t select a location, it will automatically place it into a hidden folder inside Windows)
  9. Close the WinZip Self-Extractor window.
  10. Navigate to the location you selected in step 7. You will see a folder titled: ApproveIt 6.5, open it and select AGMInst.exe (Army Star Logo) Application file type. If the Windows User Access Control pops up, Allow it.
  11. NOTE: If you receive “No host application was found on this computer. Please install the host application before installing ApproveIt Desktop” look here for cure
  12. 10. You will have a small window (like Lotus Forms did) telling you to wait.
  13. NOTE: XP users may need to go into the Source folder and click Setup.exe (82KB) if the above instructions did not work.
  14. NOTE: My personal recommendation to verify the software installed is to navigate to Control Panel: Uninstall a program (Windows 7 / Vista), or Programs and Features (Vista), or Add/Remove Programs (XP) look for: ApproveIt Desktop.
  15. APPROVEIT INSTALLATION PROBLEMS AND SOLUTIONS
  16. 1Restart your computer, then come back to this page to use the Sample Form below OR you may want to save it to your desktop now.
  17. Use this Sample Form to test your digital signature.
  18. Image of a blank DA3161
  19. NOTE: This will only work on Internet Explorer 6, 7, or 8. If you are using IE 9, Firefox, Chrome, Safari, or Opera you will need to right click the “sample form” link and select Save Link As / Download Linked File As / Save to Download Folder. Save it to your desktop, then test from your desktop. If your computer downloads it as a .txt file, right click it and change it to .xfdl
  20. If you are not familiar with signing forms with your CAC? Look here for instructions. Visual steps, or Watch Video

CONGRATULATIONS, YOU HAVE NOW SUCCESSFULLY INSTALLED ALL NEEDED PROGRAMS ON YOUR COMPUTER.

The ideas on this website are from my personal experience. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306 , Webform, or apdfcmp@conus.army.mil

If you are having problems accessing the CHESS website, contact the CHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday – Friday 0800-1700 Eastern).

APD Installation guide for ApproveIt 6.5
ApproveIt Desktop enables users to approve, verify and securely print documents, forms, letters and spreadsheets. ApproveIt uses Silanis Intelligent Signature Technology, which is a form of electronic signature developed by Silanis and is based on digital signature technology. The Silanis Intelligent Signature Technology electronically signs the content of documents or forms that are presented to the user in Adobe Acrobat, Adobe Reader, Microsoft Word, Microsoft Excel, Lotus Forms, PureEdge Viewer, and FormFlow. Upon signing a document or form with ApproveIt Desktop, the electronic signature and audit trail information is embedded within the structure of the document or form and becomes a permanent part of it, much like a wet ink signature on paper.

  • If you are interested in knowing how to digitally sign a memorandum, this is how to do it (Word 2003 & 2007 only)
  • If you need to completely uninstall ApproveIt, follow this information.

To download DA forms, go to the Army Publishing Directorate website http://www.apd.army.mil/ , click on the Forms (tab) DA Forms button. Find the form you want (in the range of form numbers). Right click the XFDL link to the right of the form you want, Select Save Target As. Save it to your computer and you will have the form for later. You can also click the link, it will open up your Lotus Forms or Pure Edge software automatically (only if using Internet Explorer 6, 7, or 8). All other browsers will have to use the Right click, Save As option to save your form.

  1. Digitally signing a form is simple when following these instructions
  2. Video Signing Instructions
  3. With a form open and your CAC inserted in the card reader
  4. Single click the area that looks like a little slanted pen with some writing after it
  5. Read the disclaimer, hit OK
  6. Click the word Sign
  7. Select your name (the one without the word email in it), then OK
  8. You should see your name, once you do, click the word Sign
  9. It will prompt you for your PIN, type it in, then select OK
  10. Once you read Signature is valid, Select OK
  11. You have now signed your form
  12. Fix the ePersona message when trying to sign
  13. Watch Silanis Electronic Signatures 2-minute Presentation
  14. This email was received from APD on 25 August 2010 when I asked for permission to have an alternate download location when the CHESS website is down.
  15. “In regards to your email, As I am sure you are well aware APD is the Enterprise provider of Lotus Forms Viewer and Silanis ApproveIt software. There are only two channels that are authorized to be the authoritative distributor of the fore mentioned software, 1. AGM (Army Gold Master) for GFE (Government Funded Equipment) installation / use and 2. CHESS (Computer Hardware, Enterprise Software Solutions) for PFE (Personal Funded Equipment) installation / use. APD does not authorize any other body (i.e. AKO) to distribute its Enterprise Software. Your request to have this software hosted in your files has been dually noted. At this time your request to host / provide the Lotus Forms Viewer and Silanis ApproveIt software is Denied. You will be advised if APD’s stance on this request changes in the future.”
  16. For issues obtaining the software from the CHESS website, utilize the Official Army channels for assistance.
  17. The ideas on this website are from my personal experience. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306 , Webform, or apdfcmp@conus.army.mil
  18. If you are having problems accessing the CHESS website, contact the CHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday – Friday 0800-1700 Eastern).