You may have read a post by my colleague Faisal Iqbal about how Citrix supports Smartcard Authentication from a CAC/PIV perspective. The gist of it is that we do support it in many different scenarios. While taking our word on it is all well and good, we often get asked to help support test environments that are not connected to production networks, and invariably these “closed network” tests have to support Smart Cards as well. The disconnect is often that the folks setting up these test environments know exactly how to set up a domain controller, and oftentimes a certificate authority, but are not well versed in how to set up a test CAC environment. So whether you’re a Govie, Contractor, or Integrator, you just know that your environment supports Smart Cards without having to know the backend PKI that’s involved. Hopefully that’s where this post will demystify some of the confusion. I’ll start by assuming that you know how to set up a simple XenDesktop POC.

It’s really not difficult and there are plenty of resources to get you started on that path, whether our own Citrix E-Docs or blogs from knowledgeable Government partners like WWT’s Tech Lab’s vBlog. Your closed environment should have the following components in it. The only thing that’s not normally in a closed XD POC is an Active Directory Certification Authority, but we need it to support Smart Cards and simulate a real root of trust. In my environment I used the JITC test CAC cards provided from DMDC. What’s not shown in the diagram above is a client. For simplicity’s sake in testing, I used a Windows 7 laptop with ActivClient CAC installed on it.

If all that checks out, you know you’ve got a functioning XenDesktop environment, and can now add SmartCard authentication on top of it. I’ve broken this out into multi-part steps: the first 2 steps set up the JITC test CAC infrastructure and the last 2 steps set up the Citrix Smart Card components.

STEP 1 - Configure the certificates to validate the card

We need to figure out what certificate chains we need to validate these JITC test cards. The easiest way to determine this is to look at the certificates on the card with ActivClient CAC. We need to determine what the certificate chain looks like so we make sure that we have all the root and intermediate certificates.

The first certificate is “DoD JITC ROOT CA 2”. Note that if you have your hands on JITC test cards, then you *SHOULD* know where to go to download the JITC root certificates.
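For the step of working out which root and intermediate certificates the JITC test cards chain to, the chain can also be walked from PowerShell on the client instead of clicking through each certificate. This is an added example, not code from the original post; it assumes the card middleware has copied the card's certificates into the current user's Personal store, and the function name `Get-CardCertChain` is made up for illustration.

```powershell
# Added example, not from the original post.
# Assumption: the smart card middleware has copied the card's certificates
# into the current user's Personal store (Cert:\CurrentUser\My).

function Get-CardCertChain {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Closed network: CRL/OCSP endpoints are unreachable, so skip revocation
    # and test only whether the chain can be assembled from the local stores.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Cert)

    $depth = 0
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Depth      = $depth
            Subject    = $c.GetNameInfo('SimpleName', $false)
            Issuer     = $c.GetNameInfo('SimpleName', $true)
            SelfSigned = ($c.Subject -eq $c.Issuer)
            NotAfter   = $c.NotAfter
            Thumbprint = $c.Thumbprint
        }
        $depth++
    }
    # PartialChain: an issuer is missing locally; the Issuer of the last row
    #               above names the certificate that still has to be imported.
    # UntrustedRoot: the root was found but is not in a Trusted Root store.
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ("{0}: {1}" -f $status.Status, $status.StatusInformation.Trim())
    }
}

# Report the chain for every certificate currently in the Personal store.
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    "`n== $($_.Subject)"
    Get-CardCertChain -Cert $_ | Format-Table -AutoSize
}
```

Run it once before importing anything to see what is missing, then again after importing the root and intermediates; a chain that ends in a self-signed row with no warnings is complete and trusted on that machine.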