Apple Support: NDU DoD Root Certificate Configuration Profile

This article will walk you through installing or removing the NDU DoD Certificate Authority Configuration Profile.

Just as the vast majority of commercial websites utilize public key cryptography to encrypt their websites (i.e. Google, Apple, Amazon) so too does NDU and the DoD rely heavily on the use of certificates to secure communications. Unlike commercial sites however, the DoD's certificate infrastructure is not by default trusted by modern day operating systems. NDU has created an Apple Configuration Profile for end users to install that will place the DoD's Root CA and Intermediate CA's onto your Apple device. It will also by default automatically trust these certs when accessing DoD sites, as well as connecting to NDU's wireless network (macOS only)

While highly recommend for users, it is at this time not required for access to our infrastructure of DoD resources. Instead when user's attempt to access or network or DoD sites, they will be warned every time that the certificate being used to encrypt communications are not trusted. Users will have to manually trust these certificates on a site-by-site, basis.

The configuration profile will simply install the DoD Root and Intermediate certificate authorities on your system. Users can at anytime remove this configuration profile manually or the configuration profile will remove itself after 365 days from the date of installation.

*If you are are using a NDU-issued Macintosh you do not need to install this profile, as your machine already has this profile installed

Installing on macOS

Follow these steps to install the NDU DoD Certificate Authority Configuration Profile

1. Download the configuration profile to your mac (filename: NDU_&_DoD_Root_Certificates_20230724)  *Link pending; will requires an activated NDU O365 account

  • If the file does not automatically open, double click on it in the finder which should open up Profiles in System Preferences
  • Click on the Show Profile button 

2. Verify that the title of the profile is NDU DoD Root CA and that the entry of National Defense University Verified is present

3. Click on Install

4. Click the Install button to accept the standard DoD consent to monitoring notice. *Note this consent ONLY applies when viewing DoD websites, or when on the NDU wireless network. The configuration profile does not enable any monitoring on your device

The configuration profile is now installed. Close the system preferences windows to continue.

Install on iOS

  • Tap here to download the configuration profile to your iOS device 
  • Tap on download in the Sharepoint window to download the file to your iOS device
  • If prompted select iPhone or iPad for which device to install too
  • Verify that the Signed by section reads: iPhone Distribution: National Defense University (28CKUWHG5m) and is verified with the green checkmark
  • Tap install

 
  • Enter your passcode and tap Done

 
  • Tap Next at the DoD consent screen *Note this consent ONLY applies when viewing DoD websites, or when on the NDU wireless network. The configuration profile does not enable any monitoring on your device
  • Tap Install at the warning screen, then tap Install again
  • Tap Done
  • Tap the Back button
  • Scroll up and tap on About
  • Scroll down and tap on Certificate Trust Settings

  • Tap on the toggle switch for DoD CLASS 3 Root CA
  • Tap Continue

  • Repeat for DoD Root CA 2, DoD Root CA 3, DoD Root CA 4,  and DoD Root CA 5

 
Your device now has the DoD configuration profile installed.

Uninstall for macOS

Follow these steps to remove the configuration profile *Note this configuration profile will auto uninstall itself after 365 days from the date of install

  • Click on the Apple menu and select System Preferences…
  • Click on the Profiles system preference control panel

  • Select the NDU DoD Root CA configuration profile. Then click the - button at the bottom of the screen

  • Click the Remove button

The configuration profile has been removed from your computer.

iOS Removal

Follow these steps to remove the DoD Root CA Configuration Profile from you device *Note this configuration profile will self delete 365 days from the date of installation

  • Tap on Settings app
  • Tap on General
  • Scroll down and tap on Profiles & Device Management
  • Tap on NDU DoD Root CA
  • Tap on  Remove Profile
  • Enter your passcode then tap Done
  • Tap Remove

The NDU DoD Root CA configuration profile has now been removed from your device