Updating security certificate

To access DoD websites from your computer, you need these certificates on your computer.

You may need to reinstall the certificates if the CAC-enabled website won't load, the website you are visiting is prompting you with the message InstallRoot is created by DISA for Windows computers. If you have any problems with this file, please contact them.

From there, hackers can exploit other vulnerabilities to direct web traffic to a malicious website and present a seemingly valid certificate for the original website.

The browser will check the signature of the rogue certificate against the list of trusted signatures/hashes that are built into browsers, see the certificate has been signed by a trusted Certificate Authority, and connect to the website.

Come January 1, 2017, SHA-1 will no longer be accepted by web browsers. I want to talk about SHA, why SHA-1 is becoming obsolete, and whether you need to do anything about it.

Contrary to popular belief, SHA is not encryption.

Applied to SHA-1, this means the strength of SHA-1 is more equated to a string that is 2^80, which means only about half of the effort is required to find a collision.

This vulnerability allows hackers to act as a Certificate Authority (organizations that issue SSL certificates) and sign certificates using a key that appears to be from a true Certificate Authority.

SHA is also used in code verification and email signatures.

However, because the number of possible hashes is finite, but the possible combinations of data input are infinite, we sometimes run into what is called a collision.

A collision is where two pieces of data will end up with the same hash. In statistics, there’s a phenomenon called “the birthday paradox,” which is: if you get at least 23 people in a room the probability of finding two people that share the same birthday is at least 50%.
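The birthday argument above, worked through as an added example (not code from the original page). The function names, the constructed sample messages and the 24-bit truncation of SHA-1 are assumptions chosen so the search finishes instantly; the same square-root relationship is what puts the generic collision bound for a 160-bit hash near 2^80.

```python
import hashlib
import math

def birthday_probability(n, space):
    """Exact probability that n uniform draws from `space` values contain a repeat."""
    p_unique = 1.0
    for i in range(n):
        p_unique *= (space - i) / space
    return 1.0 - p_unique

def draws_for_half(space):
    """Approximate draws needed for a 50% collision chance: sqrt(2 * ln 2 * space)."""
    return math.sqrt(2 * math.log(2) * space)

def truncated_sha1(data, bits):
    """First `bits` bits of SHA-1(data) as an integer (a deliberately tiny hash)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits):
    """Hash constructed messages until two share a truncated hash.

    Returns (first_message, second_message, attempts).
    """
    seen = {}
    attempts = 0
    while True:
        msg = b"constructed-sample-%d" % attempts  # constructed input, not real data
        attempts += 1
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg

if __name__ == "__main__":
    print("23 people, 365 days: %.4f" % birthday_probability(23, 365))
    print("160-bit hash, 50%% point: 2^%.2f draws" % math.log2(draws_for_half(2 ** 160)))
    a, b, tries = find_collision(24)
    print("24-bit truncation collided after %d tries (2^%.1f)" % (tries, math.log2(tries)))
    print(a, b, hex(truncated_sha1(a, 24)))
```

The collision on the 24-bit truncation turns up after a few thousand attempts rather than the roughly 16.7 million values in the output space, which is the birthday effect at a scale a laptop can show.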

The DoD PKI Infrastructure is comprised of two Root Certification Authorities and a number of Intermediate Authorities.

If all of the DoD root certificates are not installed on your computer, various applications will not be able to trust all DoD PKI certificates.

