Académique Documents
Professionnel Documents
Culture Documents
3
Windows 8 / 8.1 users need to use the
Internet Explorer on the Desktop
taskbar (bottom of screen)
6
Check the Delete browsing history on exit (box),
click Delete…
NOTE: “A few” IE 11
users have experienced
problems when
checking this box.
7
Check the top 4 boxes, leave the rest unchecked,
click Delete
8
Click Settings
9
Change this number to 50, click OK
NOTE: This is my
personal
recommended size.
Making it smaller will
make your browser
look for an updated
page more often. The
larger it is, the more
web sites are being
stored on your
computer.
10
Click the Security (tab)(1), Trusted sites (green
checkmark)(2), then Sites (button)(3)
2
1
3
11
Remove all websites that end in .mil from the
Websites: (box) by clicking the listed website,
selecting Remove, then clicking Close
NOTE: Most Government
owned computers will not
NOTE2: Some people will
let you make changes to
argue that AKO “should
this area. Your only
be” in the trusted sites.
option is to skip this step.
Here’s what I’ve been
This is the Websites: box
able to deduce: it WAS
needed with IE 6 & 7,
*-NOTE3: As of 13 APR however, if using: IE 8, 9,
17, if you need the 10, or 11 AKO users will
ability to send and be “recycled” to the AKO
receive encrypted home page. So, IE 8, 9,
email in OWA, you’ll 10, and 11 users REMOVE
need to add it.
https://*.mail.mil to
the websites box Read more about this issue at http://milcac.us/files/win10smime.pdf
12
Click the Content (tab), Certificates (button)
Click:
Clear SSL
state
13
Most people will see 3 DOD certificates (2 with EMAIL
and 1 without) under the Personal (tab) Issued By
(column). If you see more than 3, go to slide 24 for
further instructions. Personnel with 2 CACs will see a
4th certificate once their PIV is activated on their
card.
- Cross Cert remover Automated file (you may Another way to remove the certificates utilizing
need to run as administrator) to remove
certmgr.msc This guide can be used if the method
certificates Listed above (Does not always work)
Download from MilitaryCAC (3 MAR 16 version) above doesn’t work for you.
15
Download from DISA (3 MAR 16 version) Information about the Cross Cert Remover
These are the known “bad certs” that
need to be removed from Intermediate
Certification Authorities (tab) [if found]:
Issued To Issued By
DoD Interoperability Root CA1 SHA-1 Federal Root CA G2
DoD Interoperability Root CA2 Federal Bridge CA 2013
DoD Interoperability Root CA2 Federal Bridge CA 2016
DoD Root CA 2 DoD Interoperability Root CA 1
DoD Root CA 3 DoD Interoperability
Federal Bridge CA 2016 or 2013 Federal Common Policy CA
SHA-1 Federal Root CA G2 Federal Common Policy
16
Click the Connections (tab)(1), LAN settings
(button)(2), make sure none of the boxes are
checked(3) (Personal Computers only), click OK
1
17
Click the Advanced (tab), scroll to the bottom of the
list, make sure that only TLS 1.0, 1.1, & 1.2 are
checked. The SSL(s) should NOT be checked
18
When using Edge in Windows 10, select
… (More), then Open with Internet
Explorer
More
19
If you are still having issues, uncheck "Enable Enhanced Protected
Mode*“ This is sometimes needed to sign evaluations on EES
(Army’s OER / NCOER system). https://evaluations.hrc.army.mil
More information available at https://MilitaryCAC.com/ees.htm
23
You may need to Remove certificates (see slides 5 & 13
for instructions on how to get to this location). People
with 2 CACs may see up to 8 certs after they have
activated their PIV certificates (4 certs per card).
NOTE:
Removing certs
and your CAC,
then reinsert
your CAC is a
way to test if
NOTE2: You will your reader
receive a message and
stating: You cannot middleware are
decrypt data
encrypted using the
working
certificates. Select: properly.
Yes
This page is CAC Specific 24
Your certificates “should” automatically be available
to Windows when you remove and reinsert your CAC
into the reader, however…
• If you have ActivClient 6.2.0.x (Windows 7) installed.. You can double click
the ActivClient icon (by your clock in the lower right corner of your screen)
now go to slide 26
• If you don’t see it there: Windows 7 users can Click Start / Windows logo,
All Programs, ActivIdentity, ActivClient, User Console. Now go to next slide
• Windows 7, 8 / 8.1, & 10 native users will not see an ActivClient icon, since
you are not using it.
• ActivClient 7.0.x.x. & 7.1.x.x do not have the function of making available to
windows, your only option is to remove the card and reinsert it.
DOE.JOHN.ANDREW.1111111111’s
DOE.JOHN.ANDREW.1111111111’s
29
When checking your email on Windows 10, make
sure you are selecting the correct certificate. Select
More choices to see additional certificate(s)