How to Request a DoD Server Certificate

I have worked in many government facilities throughout my career and most recently I was in charge of securing a couple SQL Server database servers. One of the items on the “checklist” to secure was installing a server-level DoD SSL certificate. By installing this certificate, it would allow me to enable “Force Encryption” in SQL Server Configuration Manager.

Work environments differ. Some require you to do everything. Some require you to do a certain point before passing it to a point of contact within the organization. If you are in charge of installing a DoD SSL Certificate and have a CAC card, then hopefully this blog will help you save time and headache! (feel free to contact me if you have any issues)

You will first have to submit your hash at the following link to get a “request ID”, which you will need to fill out the form.

Visit: https://ca-27.csd.disa.mil/ca/

**UPDATE: New DoD PKI SHA-256 CAs have been released. Enrollment pages for these CAs are available at: https://ee-id-sw-ca-37.csd.disa.mil

1. You click on the link above, and then choose “New 2048-bit SSL Enrollment form” option (see screenshot below)

DoD Certificate Manager Homepage

2. Then, choose PKCS#10 for Certificate Request Type.

3. Cut and paste your hash in the “Certificate Request” textbox.

4. Type out the FQDN of your server in the “General Name Value” textbox.

5. Enter in your Name, Email, Phone in the “Requestor Information”

6. Click Submit.

DoD Certificate Manager Profile Page

The following screen will display a “Request ID.” Copy that Request ID and paste it in the Certificate Request form. For more details on how to install the certificate, check out my blog post here:

How to Create SSL Certificate for SQL Server

9 Replies to “How to Request a DoD Server Certificate”

  1. These steps are still relevant today, but I do believe you have to be a “Trusted Agent” in order to request these certs from DISA, otherwise the Request page will come up blank.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.