The DoD has established the External Certification Authority (ECA) program to support the issuance of DoD-approved certificates to industry partners and other external entities and organizations. The ECA program is designed to provide the mechanism for these entities to securely communicate with the DoD and authenticate to DoD Information Systems.

ECA Certificates are obtained directly from the vendors. You may purchase an ECA Certificate from one of the approved vendors below:

Certificate profiles for all ECA certificate types are provided in Section 10 of the ECA CP. The DoD Cyber Exchange is sponsored by Defense Information Systems Agency (DISA)

Authenticating ECA certificates requires installing the ECA Root CA certificate into the local trust list of the web server. Some web servers also require installing the CA certificates for each ECA subordinate CA.

ECA certificates are included in InstallRoot and the PKCS#7 Certificate Bundle for ECA PKI. The Global Directory Service (GDS) hosts ECA information including CA certificates, cross-certificate content, and Certificate Revocation Lists (CRLs).

To fully interoperate with the ECA PKI, users must import the ECA Root and ECA subordinates CA certificates into their trust store. The latest certificates may be installed automatically by using InstallRoot.

2021年11月8日 · The DoD External Certification Authority (ECA) program provides an alternate method for DoD partners to obtain DoD-approved PKI credentials and is also included.

ECA CP identifies three assurance levels for ECA certificates, Medium, Medium Token, and Medium Hardware, summarized in the below table. All subscribers should contact the Application Owner to determine which, if any, ECA certificates are accepted for application or site access.

ECA Certificate Policy Version 4.6 This Certificate Policy (CP) addresses the requirements for the External Certification Authorities (ECAs). ECAs issue DoD approved PKI certificates to Subscribers who have a need to conduct business primarily with the government.

2024年12月9日 · The ECA PKI has recently deployed ECA Root CA 5 and WidePoint ECA 9. These new certificates are now available in the ECA…