├── .codeinventory.yml
├── .gitignore
├── 404.md
├── CONTRIBUTING.md
├── Gemfile
├── ISSUE_TEMPLATE.md
├── LICENSE.md
├── README.md
├── _announcements-archive
├── 01_fpki-repository-migration.md
├── 02_digicert_ca_decommissioning.md
├── 03_health_it_removal.md
├── 04_apple_common_removal.md
├── 05_google_ct.md
├── 06_microsoft_constraint.md
└── 07_chrome_ballot_193.md
├── _announcements
├── 00_index.md
├── 01_common_policy_rekey.md
└── 99_archive.md
├── _common
├── 00_index.md
├── 01_prepare_to_migrate.md
├── 02_obtain_and_verify.md
├── 03_distribute_os.md
├── 04_verify_os_distribution.md
├── 05_distribute_applications.md
├── 06_distribute_intermediate_certs.md
├── 07_migrate.md
├── 08_verify_migration.md
├── 09_faq.md
└── FPKIRootG2Detection.bes
├── _config.yml
├── _crls
├── fpki_piv_issuers.md
└── index.md
├── _data
├── README.md
├── customers.yml
└── notifications.yml
├── _engineer
└── index.md
├── _faq
├── fpki_piv-i_faq.md
└── index.md
├── _includes
├── alert-error.html
├── alert-info.html
├── alert-preview.html
├── alert-success.html
├── alert-warning.html
├── analytics.html
├── apple_trust_store_installation.md
├── apple_trust_store_removal_faqs.md
├── footer.html
├── fpkiar-repo-table.html
├── fpkiar-status-table.html
├── graph.html
├── head.html
├── header.html
├── microsoft_trust_store_installation.md
├── microsoft_trust_store_removal_faqs.md
├── microsoft_trust_store_verification.md
├── navbar.html
├── scripts.html
└── sidebar.html
├── _layouts
└── default.html
├── _sass
├── _base.scss
├── _layout.scss
└── _syntax-highlighting.scss
├── _tools
├── 01_fpki_graph.md
├── 02_fpki_crawler.md
├── 03_fpki_activity_report.md
├── 0_index.md
├── CACertificatesValidatingToFederalCommonPolicy.p7b
├── CACertificatesValidatingToFederalCommonPolicyG2.p7b
├── cite-guide.md
└── fpki-certs.gexf
├── _truststores
├── 00_index.md
├── FPKIRootDetection.bes
└── _archive
│ ├── 01_msft_removal_solutions.md
│ └── 02_appl_removal_solutions.md
├── assets
├── css
│ ├── gexfjs.css
│ ├── images
│ │ ├── ui-bg_glass_100_f6f6f6_1x400.png
│ │ ├── ui-bg_glass_100_fdf5ce_1x400.png
│ │ ├── ui-bg_glass_65_ffffff_1x400.png
│ │ └── ui-bg_gloss-wave_35_f6a828_500x100.png
│ ├── jquery-ui-1.10.3.custom.min.css
│ ├── jquery-ui.min.css
│ ├── jquery-ui.structure.min.css
│ ├── jquery-ui.theme.min.css
│ └── styleguide.css
├── img
│ ├── alerts
│ │ ├── error.png
│ │ ├── error.svg
│ │ ├── info.png
│ │ ├── info.svg
│ │ ├── success.png
│ │ ├── success.svg
│ │ ├── test.md
│ │ ├── warning.png
│ │ └── warning.svg
│ ├── change_page.png
│ ├── code_tab.png
│ ├── create_github_account.png
│ ├── create_new_issue.png
│ ├── edit_page.png
│ ├── favicons
│ │ ├── favicon-114.png
│ │ ├── favicon-144.png
│ │ ├── favicon-16.png
│ │ ├── favicon-192.png
│ │ ├── favicon-57.png
│ │ ├── favicon-72.png
│ │ ├── favicon.ico
│ │ └── favicon.png
│ ├── fleches-horiz.png
│ ├── fork.png
│ ├── issue_title.png
│ ├── logo-cio.png
│ ├── logo-gsa.png
│ ├── loupe-edges.png
│ ├── plusmoins.png
│ ├── preview_page.png
│ ├── propose_change.png
│ ├── pull_request.png
│ ├── pull_tab.png
│ ├── search.gif
│ ├── search.svg
│ ├── submit_new_issue.png
│ ├── us_flag_small.png
│ └── watch_project.png
├── js
│ ├── accordion.js
│ ├── config.js
│ ├── gexfjs.js
│ ├── jquery-3.6.0.min.js
│ ├── jquery-migrate-3.3.0.min.js
│ ├── jquery-ui-1.10.3.custom.min.js
│ ├── jquery-ui.min.js
│ ├── jquery.mousewheel.min.js
│ ├── respond.min.js
│ └── styleguide.js
└── uswds-0.9.1
│ ├── css
│ ├── uswds.css
│ ├── uswds.min.css
│ └── uswds.min.css.map
│ ├── fonts
│ ├── merriweather-bold-webfont.eot
│ ├── merriweather-bold-webfont.ttf
│ ├── merriweather-bold-webfont.woff
│ ├── merriweather-bold-webfont.woff2
│ ├── merriweather-italic-webfont.eot
│ ├── merriweather-italic-webfont.ttf
│ ├── merriweather-italic-webfont.woff
│ ├── merriweather-italic-webfont.woff2
│ ├── merriweather-light-webfont.eot
│ ├── merriweather-light-webfont.ttf
│ ├── merriweather-light-webfont.woff
│ ├── merriweather-light-webfont.woff2
│ ├── merriweather-regular-webfont.eot
│ ├── merriweather-regular-webfont.ttf
│ ├── merriweather-regular-webfont.woff
│ ├── merriweather-regular-webfont.woff2
│ ├── sourcesanspro-bold-webfont.eot
│ ├── sourcesanspro-bold-webfont.ttf
│ ├── sourcesanspro-bold-webfont.woff
│ ├── sourcesanspro-bold-webfont.woff2
│ ├── sourcesanspro-italic-webfont.eot
│ ├── sourcesanspro-italic-webfont.ttf
│ ├── sourcesanspro-italic-webfont.woff
│ ├── sourcesanspro-italic-webfont.woff2
│ ├── sourcesanspro-light-webfont.eot
│ ├── sourcesanspro-light-webfont.ttf
│ ├── sourcesanspro-light-webfont.woff
│ ├── sourcesanspro-light-webfont.woff2
│ ├── sourcesanspro-regular-webfont.eot
│ ├── sourcesanspro-regular-webfont.ttf
│ ├── sourcesanspro-regular-webfont.woff
│ └── sourcesanspro-regular-webfont.woff2
│ ├── img
│ ├── alerts
│ │ ├── error.png
│ │ ├── error.svg
│ │ ├── info.png
│ │ ├── info.svg
│ │ ├── success.png
│ │ ├── success.svg
│ │ ├── warning.png
│ │ └── warning.svg
│ ├── arrow-down.png
│ ├── arrow-down.svg
│ ├── arrow-right.png
│ ├── arrow-right.svg
│ ├── correct8.png
│ ├── correct8.svg
│ ├── correct9.png
│ ├── correct9.svg
│ ├── favicons
│ │ ├── favicon-114.png
│ │ ├── favicon-144.png
│ │ ├── favicon-16.png
│ │ ├── favicon-192.png
│ │ ├── favicon-57.png
│ │ ├── favicon-72.png
│ │ ├── favicon.ico
│ │ └── favicon.png
│ ├── logo-img.png
│ ├── minus.png
│ ├── minus.svg
│ ├── plus.png
│ ├── plus.svg
│ ├── search.png
│ ├── search.svg
│ ├── social-icons
│ │ ├── png
│ │ │ ├── facebook25.png
│ │ │ ├── rss25.png
│ │ │ ├── twitter16.png
│ │ │ └── youtube15.png
│ │ └── svg
│ │ │ ├── facebook25.svg
│ │ │ ├── rss25.svg
│ │ │ ├── twitter16.svg
│ │ │ └── youtube15.svg
│ └── us_flag_small.png
│ └── js
│ ├── uswds.js
│ ├── uswds.min.js
│ └── uswds.min.js.map
├── certs
├── DigiCert_Federal_SSP_Intermediate_CA_-_G5.cer
├── Entrust_Managed_Services_Root_CA.cer
├── Entrust_Managed_Services_Root_CA_Link.cer
├── Federal_Common_Policy_CA_G2_from_FBCAG4.cer
├── ORC_SSP_4.cer
├── Symantec_SSP_Intermediate_CA_-_G4.cer
├── US_Department_of_State_AD_Root_CA.cer
├── US_Treasury_Root_CA.cer
├── Verizon_SSP_CA_A2.cer
├── WidePoint_ORC_SSP_5.cer
└── federal_bridge_ca_g4.cer
├── docs
├── FPKI_Trust_Removal_-_FNR_Webinar_07182018.pdf
├── FPKI_Trust_Removal_-_FNR_Webinar_08022018.pdf
├── issuedByDigiCertFederatedIDCA-1.pem
├── issuedByDigiCertFederatedTrustCA-1.pem
├── issuedByDigiCertFederatedTrustCA.pem
└── issuedByOrionHealthDirectSecureMessagingCA.pem
├── img
├── FCPCA_G2_Transition.jpg
├── Intro-image1.png
├── Intro-image2.jpg
├── PKI-image1.jpg
├── PKI-image2.jpg
├── PKI-image3.jpg
├── bigfix-results.jpg
├── certificatechain.png
├── certificatechain_small.png
├── certutil.gif
├── chrome_untrusted_auth.png
├── chrome_untrusted_ssl.png
├── crls_diagram1.jpg
├── distrust-gpo.gif
├── error-distribute-intermediates.png
├── error_navigation.png
├── error_piv_auth.png
├── error_sig_val.png
├── fbca-logo.png
├── fpki-CAs-Architecture.png
├── fpki-CAs-High-level.png
├── fpki-analysis-results.png
├── fpki-core.png
├── fpki_piv-i_certification_playbook_diagram-v0.0.2.jpg
├── google_ballot193_hot_topic_error.png
├── google_ct_hot_topic_error.png
├── gpo.gif
├── ios_chrome_untrusted_ssl.png
├── ios_full_trust-g2.jpg
├── ios_safari_untrusted_ssl.png
├── landesk-results.jpg
├── link-cert-path.png
├── logo.png
├── participatingCAsV3.png
├── pivcertificatechain.png
├── pivcertificatechain_small.png
├── safari_untrusted_auth.png
├── safari_untrusted_ssl.png
├── unmanaged-device.gif
├── verify-migration-macos.png
├── verify-migration-windows.png
├── verify.gif
├── verify_common_iOS.png
├── verify_common_macOS.png
└── verify_trust.png
├── pages
├── PIV_Testing_Checklist.md
├── common-migration-troubleshooting.md
├── contribute.md
├── contribute_addpage.md
├── contribute_editpage.md
├── contribute_openissue.md
├── fpki_cas.md
├── fpki_certificate_policies.md
├── fpki_faq.md
├── fpki_glossary.md
├── fpki_intro.md
├── fpki_notifications.md
├── fpki_overview.md
├── fpki_piv-i_certificate_process.md
├── fpki_pki.md
├── ms_constraint_test_procedures.md
└── template.md
└── video
├── create_profile.mp4
├── download_and_verify.mp4
├── install_command_line.mp4
├── install_giu_non-admin.mp4
├── ios_safari_configuration-g2.mp4
├── keychain_gui_admin.mp4
├── keychain_gui_non_admin.mp4
├── manual_install_profile.mp4
└── remove_command_line.mp4
/.codeinventory.yml:
--------------------------------------------------------------------------------
1 | name: 'Federal Public Key Infrastructure (FPKI) Guides'
2 | description: 'Guides providing information about the Federal Public Key Infrastructure (FPKI), as well as commonly used links, tools, tips, and user guides for leveraging the FPKI.'
3 | openSourceProject: 1
4 | governmentWideReuseProject: 1
5 | tags:
6 | - pki
7 | - fpki
8 | - ficam
9 | - certificate
10 | - X.509
11 | - common-policy
12 | - federal-bridge
13 | - trust
14 | - crl
15 | - certificate-authority
16 | contact:
17 | email: icam@gsa.gov
18 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | _site/
2 | Gemfile.lock
3 | *~
4 |
--------------------------------------------------------------------------------
/404.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Page Not Found (404 Error)
4 | permalink: /404.html
5 | ---
6 |
7 | ### You might want to double-check your link and try again, or return to the [homepage]({{site.baseurl}}).
8 |
9 | ### Looking for an announcement? Check the [announcement archive]({{site.baseurl}}/announcements/archive/).
10 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | Thank you for considering contributing to the development of open and transparent Federal Identity, Credential and Access Management implementation information.
2 |
3 | #### Public domain
4 |
5 | All contributions to this project will be released into the public domain worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
6 |
7 | By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
8 |
9 | We encourage you to read our [LICENSE](LICENSE.md) and our [README](README.md), which exist within this repository.
10 |
11 | #### General Practices
12 |
13 | This content is Vendor neutral. Marketing materials for Commercial Products should not be submitted. If you would like to contribute a page or content which includes Commercial Products and specific references for development and engineering, please review the Commercial Product trademark or copyright guides from the Product Vendor and reference those guides in your Pull Request.
14 |
15 | #### Plain Language
16 |
17 | Contributors should consider the audience when submitting content. Plain language benefits a broad audience. Review your proposed content for use of acronyms and specialized jargon before submitting.
18 |
19 | #### Thanks
20 |
21 | The idea for providing this content as open source, the contributing framework, and the licensing framework are based on work from [18F](https://18f.gsa.gov).
22 |
23 |
24 | #### How to Contribute
25 |
26 | * For details on how to contribute, create accounts, and open issues:
27 | * [Read the Contribute pages at the .gov site](https://piv.idmanagement.gov/contribute/)
28 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 | gem 'jekyll'
3 | gem 'uswds-jekyll', :git => 'https://github.com/18F/uswds-jekyll.git'
4 | gem 'jekyll-redirect-from'
5 |
--------------------------------------------------------------------------------
/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | #### Description of Issue: ####
2 |
3 |
4 | #### Details of Issue: ####
5 |
6 |
7 | #### References (Docs, Links, Files): ####
8 |
9 |
10 | #### If a New Page or Content is Needed, Expected Outcomes: ####
11 |
12 |
13 | #### Link to the Content Page for Contributors: ####
14 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: LICENSE
4 | permalink: /license/
5 | ---
6 |
7 | This project is in the public domain within the United States.
8 |
9 | We waive copyright and related rights in the work
10 | worldwide through the CC0 1.0 Universal public domain dedication.
11 |
12 | ## CC0 1.0 Universal Summary
13 |
14 | This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
15 |
16 | ### No Copyright
17 |
18 | The person who associated a work with this deed has dedicated the work to
19 | the public domain by waiving all of his or her rights to the work worldwide
20 | under copyright law, including all related and neighboring rights, to the
21 | extent allowed by law.
22 |
23 | You can copy, modify, distribute and perform the work, even for commercial
24 | purposes, all without asking permission.
25 |
26 | ### Other Information
27 |
28 | In no way are the patent or trademark rights of any person affected by CC0,
29 | nor are the rights that other persons may have in the work or in how the
30 | work is used, such as publicity or privacy rights.
31 |
32 | Unless expressly stated otherwise, the person who associated a work with
33 | this deed makes no warranties about the work, and disclaims liability for
34 | all uses of the work, to the fullest extent permitted by applicable law.
35 | When using or citing the work, you should not imply endorsement by the
36 | author or the affirmer.
37 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | This work is led by GSA teams and the Federal Public Key Infrastructure community in coordination with the ICAM Subcommittee of the Federal CIO Council.
2 |
3 | # Federal Public Key Infrastructure Guides
4 | This repository is for the collaborative development of the Federal Identity, Credential, and Access Management Playbooks and Guides for the *Federal Public Key Infrastructure*.
5 |
6 | ## General Practices
7 | This content is Vendor neutral. Marketing materials for Commercial Products should not be submitted. If you would like to contribute a page or content which includes Commercial Products and a specific references for development and engineering, please review the Commercial Product trademark or copyright guides from the Product Vendor and reference those guides in your Pull Request.
8 |
9 | ## Plain Language
10 | Contributors should consider the audience when submitting content. Plain language benefits a broad audience. Review your proposed content for use of acronyms and specialized jargon before submitting.
11 |
12 | ## Roadmap
13 |
14 | The expected roadmap for these guides:
15 |
16 | May 5th, 2017:
17 |
18 | - Deployed to fpki.idmanagement.gov
19 | - leveraging Federalist platform as a service for hosting
20 |
21 | May 2017++:
22 |
23 | - Change notices from the Federal Public Key Infrastructure service providers
24 | - On-going contributions and collections
25 | - Mapping of all the endpoints and additional info from AIA crawler tools
26 | - Applications and patterns
27 | - Developer tools and tips
28 |
29 |
30 | ## How to Contribute
31 | For information on how to contribute to the site, visit the Contribute page [here]({{site.baseurl}}/contribute.md/). The source repository exists [here](https://github.com/GSA/fpki-guides/).
32 |
33 | Direct changes and line edits to the content may be submitted through a pull request by clicking 'Edit this page'. You do not need to install any software to submit content. You can use GitHub's in-browser editor to edit files and submit a pull request for your changes to be merged.
34 |
35 | ### Public domain
36 |
37 | This project is in the worldwide [public domain](LICENSE.md).
38 |
39 | > This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
40 | >
41 | > All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
42 |
43 | ### Special Thanks
44 | This site is based on GitHub Pages and Jekyll templates. The templates are based on [DOCter](https://github.com/cfpb/docter/) from [CFPB](http://cfpb.github.io/).
45 |
46 | Special thanks to the teams at [18F](https://18f.gsa.gov/), [18F Pages](https://pages.18f.gov/), and [US Digital Services Playbooks](https://playbook.cio.gov/) for their open and transparent model which benefits citizens, government, and technology.
47 |
--------------------------------------------------------------------------------
/_announcements-archive/01_fpki-repository-migration.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: Upcoming Migration of Federal PKI Certificate Repository Services
4 | title: Upcoming Migration of Federal PKI Certificate Repository Services
5 | pubDate: April 1, 2019
6 | archDate: October 2, 2020
7 | collection: announcements
8 | permalink: announcements/archive/fpki-repository-migration/
9 | description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. This announcement provides additional information related to the upcoming migration.
10 | ---
11 |
12 | {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %}
13 |
14 |
15 | On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. Existing Federal PKI CA certificate Uniform Resource Locators (URLs) **will not** change as a result of this migration.
16 |
17 | ## What will be impacted?
18 |
19 | This change will affect the hosting of certificate revocation lists, CA certificates, and certificate bundles for the following Federal PKI CAs:
20 | - Federal Bridge CA 2016
21 | - Federal Common Policy CA
22 | - SHA1 Federal Root CA
23 | - Some Test CAs operating for the FPKI Community Interoperability Test Environment (CITE)
24 |
25 | ## When will this change take place?
26 | The migration will take place on April 22, 2019.
27 |
28 | ## What should I do?
29 | This change will be transparent to Relying Parties, and should not require any agency action.
30 |
31 | The FPKI Community Interoperability Test Environment HTTP repository (http://http.cite.fpki-lab.gov) has used the new service since June 2018 with no reported issues.
32 |
33 | A new base URL is available for anyone who would like to test the planned repository service update before the April 22, 2019 migration. For example, to download a copy of the Federal Common Policy CA certificate using the cloud-based hosting solution, navigate to http://cdn.http.fpki.gov/fcpca/fcpca.crt.
34 |
35 | Contact fpki-help@gsa.gov with the subject “CDN Test Issue” if you'd like to learn more about testing, or if you have any issues.
36 |
37 | ## Who can I contact for help or more information?
38 | Email us at fpki-help@gsa.gov.
39 |
--------------------------------------------------------------------------------
/_announcements-archive/02_digicert_ca_decommissioning.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: DigiCert CA Decommissioning
4 | title: DigiCert CA Decommissioning
5 | pubDate: April 1, 2019
6 | archDate: October 2, 2020
7 | collection: announcements
8 | permalink: announcements/archive/digicert-ca-decommissioning/
9 | description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. This announcement provides information related to the CAs affected by this change.
10 | ---
11 |
12 | {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %}
13 |
14 |
15 | DigiCert is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes.
16 |
17 | Remaining active certificates issued from any of the CAs listed in the table below will be revoked. Each CA planned for decommissioning will issue a long-lived CRL, and then have its signing CA certificate revoked by the Symantec Class 3 SSP Intermediate CA - G3 CA.
18 |
19 | The following CAs are planned for revocation and decommissioning:
20 |
21 | | Certificate Serial Number | Subject | Issuer |
22 | |---------------------------|---------|--------|
23 | | 0f76b14f6e3c3f3d78cc7cabf1e9d1f2 | CSC CA - 2 | Symantec Class 3 SSP Intermediate CA - G3 |
24 | | 22058f804d89edd93122c840987ac7ab | CSRA FBCA C4 Device CA | Symantec Class 3 SSP Intermediate CA - G3 |
25 | | 2aaa084cce8d13dc0b3b05b34e325922 | CSRA FBCA C4 CA | Symantec Class 3 SSP Intermediate CA - G3 |
26 | | 45aabdffdae1621d52b260daf7ef3bd7 | CSRA FBCA C3 Device CA | Symantec Class 3 SSP Intermediate CA - G3 |
27 | | 48b53c25944e6ed645339ecf1079fd37 | CSRA FBCA C3 CA | Symantec Class 3 SSP Intermediate CA - G3 |
28 | | 75c13dbed31093353c73618effdabe6e | SureID Inc. CA2 | Symantec Class 3 SSP Intermediate CA - G3 |
29 | | 4ff47dfa24d3aa3633dd4e55de80f870 | SureID Inc. Device CA1 | Symantec Class 3 SSP Intermediate CA - G3 |
30 | | 7bc54c654c3a41d738d48ac17ab603af | Eid Passport LRA Content Signer CA 3 | Symantec Class 3 SSP Intermediate CA - G3 |
31 | | 404d442e9c097771209218ac534936c3 | Eid Passport LRA Device 2 CA | Symantec Class 3 SSP Intermediate CA - G3 |
32 |
33 | ## Who can I contact for help or more information?
34 | Email us at fpki@gsa.gov.
35 |
--------------------------------------------------------------------------------
/_announcements-archive/07_chrome_ballot_193.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: TLS Certificate Lifetime Impact
4 | title: TLS Certificate Lifetime Requirement
5 | pubDate: May 10, 2018
6 | archDate: October 21, 2019
7 | collection: announcements-archive
8 | permalink: announcements/archive/tlslifetime/
9 | description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting **March 1, 2018**, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures.
10 | ---
11 |
12 | {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %}
13 |
14 |
15 | Recent changes to Chrome could affect your agency. Chrome now requires that TLS/SSL certificates issued on or after **March 1, 2018**, have a maximum lifetime of 825 days. Google is enforcing this change for Chrome as a result of the Certification Authority/Browser (CA/B) Forum's Ballot 193 to promote increased web security.[1](#1)
16 |
17 | - [What Will Be Impacted?](#what-will-be-impacted)
18 | - [What Other Browsers Enforce This Requirement?](#what-other-browsers-enforce-this-requirement)
19 | - [What Should I Do?](#what-should-i-do)
20 | - [Additional Resources](#additional-resources)
21 |
22 | ## What Will Be Impacted?
23 | A government user will receive an "untrusted site" error when browsing to an intranet website or application if all of the following are true:
24 |
25 | 1. The intranet website's TLS/SSL certificate was issued by a Federal PKI Certification Authority
26 | 2. The TLS/SSL certificate was issued on or after March 1, 2018, with a lifetime greater than 825 days
27 | 3. Using the Chrome browser
28 |
29 | {:style="width:70%;float:center;"}
30 |
31 | ## What Other Browsers Enforce This Requirement?
32 | Chrome is the only browser currently enforcing this requirement for TLS/SSL certificates. If other browser vendors decide to enforce this requirement, we will post updates to this announcement. Please also check the [FPKI-Guides' Issues](https://github.com/GSA/fpki-guides/issues){:target="_blank"} for in-progress discussions.
33 |
34 | ## What Should I Do?
35 | To prevent Chrome browsing errors:
36 | 1. Request that your PKI team or Federal Shared Service Provider update the certificate profiles for TLS/SSL device certificates issued by Federal PKI Certification Authorities to require a certificate lifetime of less than 825 days.
37 | 2. Re-issue and re-install new TLS/SSL certificates for the impacted intranet websites and applications.
38 |
39 | ## Additional Resources
40 | 1. In March 2017, the [CA/B Forum](https://cabforum.org/){:target="_blank"} passed [Ballot 193](https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/){:target="_blank"}, which introduced the 825-day maximum lifetime requirement.
41 |
--------------------------------------------------------------------------------
/_announcements/00_index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Announcements
4 | collection: announcements
5 | permalink: /announcements/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/announcements/
7 | ---
8 |
9 | These announcements and hot topics concern Federal Public Key Infrastructure changes that may affect your agency's operations.
10 |
11 | {% for item in site.announcements %}
12 | {% assign link = item.permalink | remove: '/' %}
13 | {% if link != item.collection and item.status == "active" %}
14 |
15 |
16 | Date: {{ item.pubDate }}
17 | Description: {{ item.description }}
18 | {% endif %}
19 | {% endfor %}
20 |
--------------------------------------------------------------------------------
/_announcements/01_common_policy_rekey.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: Federal Common Policy CA Update
4 | title: Federal Common Policy CA Update
5 | pubDate: October 12, 2020
6 | collection: announcements
7 | permalink: announcements/common-policy-update/
8 | description: In October 2020, the Federal Government will establish a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA). This new root is named the Federal Common Policy CA G2. This announcement details the CA update timeline and actions agencies need to perform.
9 | status: active
10 | redirect_to: https://playbooks.idmanagement.gov/fpki/announcements/common-g2-update/
11 | ---
12 |
13 | {% include alert-info.html content="Upcoming changes to the Federal Common Policy Certification Authority (CA) will impact your agency. This announcement will be updated as more information is available." %}
14 |
15 | In **October 2020**, the Federal Government created a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA). The new root is named the **Federal Common Policy CA G2**.
16 |
17 | Between December 2020 and June 2021, the CAs signed by the old root will be migrated to the Federal Common Policy CA G2. Once the migration is complete, the old root will be decommissioned.
18 |
19 | ## What will be impacted?
20 |
21 | **This change will affect all federal agencies** and will have an impact on the following services:
22 |
23 | - Personal Identity Verification (PIV) credential authentication to the government networks
24 | - Agency web applications implementing client authentication (e.g., PIV authentication)
25 | - User digital signatures that leverage PIV or similar credentials
26 | - Other applications leveraging the Federal Common Policy CA as a root
27 |
28 |
29 | ## When will this change take place?
30 | Timeline:
31 | - **October 14, 2020**: The Federal PKI Management Authority (FPKIMA) created the new Federal Common Policy CA G2 root
32 | - **October 15, 2020**: The FPKIMA team issued a cross certificate from the Federal Common Policy CA G2 to the Federal Bridge CA G4
33 | - **November 18, 2020**: The FPKIMA team issued CA certificates to migrate agency and shared service providers CAs to the new root: Federal Common Policy CA G2
34 | - **December 2020 to June 2021**: All agencies will need to transition from using the old Federal Common Policy CA as the root to the new Federal Common Policy CA G2 *(approximately six months.)* Certificates issued by the Federal Common Policy CA will be revoked between the end of April and June in coordination with CA operators.
35 | - **June 2021**: The FPKIMA team will decommission the old Federal Common Policy CA after revoking all CA certificates it has issued.
36 |
37 | ## What should I do?
38 |
39 | {% include alert-info.html content="We are collaborating with CISA on a series of webinars to communicate the upcoming changes and answer your questions. Email fpkirootupdate@gsa.gov to be notified of future events." %}
40 |
41 | To prevent issues, agencies **must** distribute the Federal Common Policy CA G2 root certificate as a trusted Root Certification Authority to workstations and servers.
42 |
43 | To prepare for the Federal Common Policy CA update, read our guide [here]({{ site.baseurl }}/common).
44 |
45 | ## Who can I contact for help or more information?
46 | Email us at fpkirootupdate@gsa.gov.
47 |
--------------------------------------------------------------------------------
/_announcements/99_archive.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Archived Announcements
4 | collection: announcements
5 | permalink: /announcements/archive/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/announcements/
7 | ---
8 |
9 | {% include alert-warning.html content="Archived announcements are listed below for historical reference only. These announcements are no longer being updated or maintained." %}
10 |
11 | {% for item in site.announcements-archive %}
12 |
13 |
14 | **Archive Date**: {{ item.archDate }}
15 |
16 | **Publish Date**: {{ item.pubDate }}
17 |
18 | **Description**: {{ item.description }}
19 |
20 |
21 | {% endfor %}
22 |
--------------------------------------------------------------------------------
/_common/00_index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: Federal Common Policy CA Update
4 | title: Federal Common Policy CA Update
5 | collection: common
6 | permalink: /common/
7 | redirect_to: https://playbooks.idmanagement.gov/fpki/common/
8 | ---
9 |
10 | The Federal Government recently deployed the **Federal Common Policy CA (FCPCA) G2**, a new Federal Public Key Infrastructure (FPKI) root Certification Authority (CA). As the existing Federal Common Policy CA reaches the end of its planned service life, FCPCA G2 will roll out incrementally and serve as the new trust anchor for the Federal PKI. Below, you'll find important dates and steps for a successful operational transition to the FCPCA G2 trust anchor.
11 |
12 | This change affects *all federal agencies* and the following services:
13 |
14 | - Personal Identity Verification (PIV) credential authentication to government networks
15 | - Agency web applications implementing client authentication (for example, PIV authentication)
16 | - User digital signatures that leverage PIV or similar credentials
17 | - Other applications leveraging the Federal Common Policy CA as a root CA
18 |
19 | {% include alert-success.html content="Federal enterprises and other relying party organizations should plan for this transition and test interoperability in advance of implementing changes in their production IT environments." %}
20 |
21 | **Recommended steps to complete by December 31st, 2020:**
22 |
23 |
24 |
37 |
38 |
39 | {% include alert-warning.html content="Heads-up! The Federal PKI Management Authority is working with CA operators to plan the revocation of the certificates issued by the Federal Common Policy CA. Follow our GitHub issue page or the System Notifications page for more information related to the planned revocation schedule." %}
40 |
41 |
42 | ## Need Help?
43 |
44 | View the [Frequently Asked Questions]({{site.baseurl}}/common/faq/) page for more information, or email us at fpkirootupdate@gsa.gov.
45 |
46 | {% include alert-info.html content="We're collaborating with CISA on a series of virtual \"office hours\" sessions to answer your questions in real-time. Email fpkirootupdate@gsa.gov to be notified once the sessions are scheduled." %}
47 |
--------------------------------------------------------------------------------
/_common/02_obtain_and_verify.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 2. Obtain and verify a copy of the Federal Common Policy CA G2 certificate
4 | collection: common
5 | permalink: common/obtain-and-verify/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/common/obtain-and-verify/
7 | ---
8 |
9 | To limit the impact to your agency, you should distribute the Federal Common Policy CA G2 (FCPCA G2) certificate to all affected government-furnished workstations and devices as a _trusted root certificate_ **as soon as possible**.
10 |
11 | ## Download a Copy of FCPCA G2
12 |
13 | To download a copy of FCPCA G2, use one of these recommended options:
14 | - Download the certificate from http://repo.fpki.gov/fcpca/fcpcag2.crt
15 | - Email fpki-help@gsa.gov to request an out-of-band copy for download.
16 |
17 | {% include alert-warning.html content="You should never install a root certificate before you verify it. The procedures below describe how to verify the authenticity of your copy of the FCPCA G2. Your certificate details and hash must match the expected values in the following table." %}
18 |
19 | | **FCPCA G2** | **Certificate Details** |
20 | | :-------- | :------------------------------- |
21 | | Distinguished Name | cn=Federal Common Policy CA G2, ou=FPKI, o=U.S. Government, c=US |
22 | | Serial Number | 21e5b9a0cc956de278ca012ba8fdc58a98b3fbea |
23 | | SHA-1 Thumbprint | 99B4251E2EEE05D8292E8397A90165293D116028 |
24 | | SHA-256 Thumbprint | 5F9AECC24616B2191372600DD80F6DD320C8CA5A0CEB7F09C985EBF0696934FC |
25 |
26 | ## Verify Your Copy of FCPCA G2
27 |
28 | To verify your copy of FCPCA G2, use one of these options:
29 |
30 | ### On Windows: Use Microsoft Certutil
31 | 1. Click **Start**, type **cmd**, and press **Enter**.
32 | 2. Run the following command:
33 |
34 | ```
35 | certutil -hashfile {DOWNLOAD_LOCATION}\fcpcag2.crt SHA256
36 | ```
37 |
38 | **Note:** The following .gif shows you how to verify your copy of FCPCA G2 on Microsoft Server 2016.
39 |
40 | {:style="width:85%;"}
41 |
42 |
43 |
44 | ### On macOS: Use Terminal
45 | 1. Click the **Spotlight** icon and search for _Terminal_.
46 | 2. Double-click the **Terminal** icon (black monitor icon with white ">_") to open a window.
47 | 3. Run the following command:
48 |
49 | ```
50 | $ shasum -a 256 {DOWNLOAD_LOCATION}/fcpcag2.crt
51 | ```
52 |
53 |
54 | **Note:** The following .gif shows you how to verify your copy of FCPCA G2 on macOS Catalina (10.15).
55 |
56 |
59 |
60 |
61 | ### On Linux/Unix: Use the Command Line
62 | 1. Open the command line.
63 | 2. Run the following command:
64 |
65 | ```
66 | $ sha256sum {DOWNLOAD_LOCATION}/fcpcag2.crt
67 | ```
68 |
69 |
70 |
71 | Next, [distribute the Federal Common Policy CA G2 certificate as an operating system trusted root]({{site.baseurl}}/common/distribute-os/).
72 |
--------------------------------------------------------------------------------
/_common/05_distribute_applications.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 5. Distribute the certificate to applications
4 | collection: common
5 | permalink: common/distribute-apps/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/common/distribute-apps/
7 | ---
8 |
9 | {% include alert-info.html content="We're calling for all solutions! If you'd like to share your agency's playbook on how to distribute a trusted root CA certificate to an application trust store, create an issue on GitHub or email us at fpkirootupdate@gsa.gov." %}
10 |
11 | Many, but not all, software applications leverage the underlying operating system [trust store]({{site.baseurl}}/truststores/) to verify whether a certificate should be trusted.
12 |
13 | Collaborate across agency teams to identify applications that rely on custom trust stores to ensure distribution of the Federal Common Policy CA (FCPCA) G2 certificate.
14 |
15 | **Example applications with custom trust stores:**
16 | - Java and all Java-based applications (for example, Apache Tomcat)
17 | - Mozilla products (for example, Firefox or Thunderbird)
18 | - OpenSSL-based applications (for example, Apache HTTP Server or Nginx)
19 |
20 |
21 | {% include alert-warning.html content="Important! Depending on how these applications are configured, it's likely you'll also need to distribute the intermediate CA certificates issued by the FCPCA G2." %}
22 |
23 |
24 |
25 | Next, determine if you need to [distribute the CA certificates issued by the FCPCA G2]({{site.baseurl}}/common/certificates/).
26 |
--------------------------------------------------------------------------------
/_common/08_verify_migration.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: 8. Verify migration to the Federal Common Policy CA G2
4 | collection: common
5 | permalink: common/verify-migration/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/common/verify-migration/
7 | ---
8 |
9 | The easiest way to verify your migration to the Federal Common Policy CA (FCPCA) G2 is to validate one of your PIV credential certificates.
10 |
11 | ### Verify Migration on Windows
12 |
13 | 1. Click **Start**, type **certmgr.msc**, and then press **Enter**.
14 | 1. Double-click **Personal**, and then **Certificates**.
15 | 1. Browse to and select any of the certificates found on your PIV credential (the **Issued To** column displays your name).
16 | 1. Double-click the certificate and select the **Certification Path** tab.
17 | 1. Verify the certificate chain begins with the **FCPCA G2** (pictured below).
18 |
19 | **Note:** It's okay if different certification authorities appear below the FCPCA G2 for your certificate.
20 |
21 | {:style="width:40%;"}
22 |
23 |
24 |
25 |
26 | ### Verify Migration on macOS
27 |
28 | 1. Click the **Spotlight** icon and search for *Keychain Access*.
29 | 2. Double-click the **Keychain Access** icon to open the application.
30 | 3. In the left navigation, click the **Login** keychain.
31 | 4. Browse to and select any of the certificates found on your PIV credential (the **Name** column displays your name).
32 | 5. Verify the *This certificate is valid* message appears beneath the certificate details.
33 |
34 | {:style="width:70%;"}
35 |
36 |
37 | ### Troubleshooting
38 | - If you're building a path to the FCPCA G1
39 | - [Verify you have distrusted the FCPCA G1]({{site.baseurl}}/common/migrate/#2-distrust-the-federal-common-policy-ca)
40 | - If a path isn't building at all
41 | - [Verify your distribution of the FCPCA G2]({{site.baseurl}}/common/verify-os-distribution/)
42 | - [Distribute the CA certificates issued by the FCPCA G2]({{site.baseurl}}/common/certificates/)
43 |
44 | ## Need Help?
45 |
46 | View the [Frequently Asked Questions]({{site.baseurl}}/common/faq/) page for more information, or email us at fpkirootupdate@gsa.gov.
47 |
--------------------------------------------------------------------------------
/_common/FPKIRootG2Detection.bes:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Federal Common Policy CA G2 Distribution Detection
5 | This analysis will detect whether COMMON has been redistributed via GPO or Active Directory.
6 |
Depending on how COMMON is redistributed to end-points, one of two pairs of registry keys is created:
7 |
AD Distribution - HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\ - HKLM:\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\
8 |
GPO Distribution - HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\ - HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028\
9 |
Results: If one of these pairs is detected, the analysis will return a value of "TRUE".
]]>
10 | true
11 | Internal
12 | 2020-10-15
13 |
14 | x-fixlet-modification-time
15 | Tue, 20 Oct 2020 18:02:27 +0000
16 |
17 | BES
18 | operating system
19 | ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry))) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of native registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\99b4251e2eee05d8292e8397a90165293d116028" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)))
20 |
21 |
22 |
--------------------------------------------------------------------------------
/_crls/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Certificates and CRLs
4 | collection: crls
5 | permalink: /crls/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/certsandcrls/
7 | ---
8 | This page lists the endpoints to retrieve the certificates and certificate revocation lists (CRLs) for the infrastructure CAs. We are working on compiling and adding information for ALL CAs currently in the Federal PKI.
9 |
10 | When downloading **any** certificate file from the list below, please verify the thumbprint (hash) on the downloaded file. You can [verify the hash](#verify-a-hash) using common utilities on operating systems.
11 |
12 | ### Federal Common Policy CA G2
13 |
14 | |**Federal Common Policy CA G2**|**Information**|
15 | |-----------|---------------|
16 | | Federal Common Policy CA G2 Root Certificate | http://repo.fpki.gov/fcpca/fcpcag2.crt |
17 | | Distinguished Name | **cn=Federal Common Policy CA G2, ou=FPKI, o=U.S. Government, c=US** |
18 | | sha1 Thumbprint | 99 B4 25 1E 2E EE 05 D8 29 2E 83 97 A9 01 65 29 3D 11 60 28 |
19 | | Certificate Revocation List | http://repo.fpki.gov/fcpca/fcpcag2.crl |
20 | | P7C file - Issued By | http://repo.fpki.gov/fcpca/caCertsIssuedByfcpcag2.p7c |
21 | | P7C file - Issued To | http://repo.fpki.gov/fcpca/caCertsIssuedTofcpcag2.p7c |
22 |
23 | ### Federal Common Policy CA
24 |
25 | |**Federal Common Policy CA**|**Information**|
26 | |-----------|---------------|
27 | | Federal Common Policy CA Root Certificate | http://http.fpki.gov/fcpca/fcpca.crt |
28 | | Distinguished Name | **cn=Federal Common Policy CA, ou=FPKI, o=U.S. Government, c=US** |
29 | | sha1 Thumbprint | 90 5f 94 2f d9 f2 8f 67 9b 37 81 80 fd 4f 84 63 47 f6 45 c1 |
30 | | Certificate Revocation List | http://http.fpki.gov/fcpca/fcpca.crl |
31 | | P7C file - Issued By | http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c |
32 | | P7C file - Issued To | http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c |
33 |
34 |
35 | ### Federal Bridge CA G4
36 |
37 | |**Federal Bridge CA G4**|**Information**|
38 | |-----------|---------------|
39 | | Certificate Revocation List | http://repo.fpki.gov/bridge/fbcag4.crl |
40 | | P7C file - Issued By | http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c |
41 | | P7C file - Issued To | http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c |
42 |
43 |
44 |
45 | ### Verify a hash
46 | You can verify the hash on files, including certificate files, using common utilities on operating systems. Examples:
47 |
48 | ```
49 | certutil -hashfile .crt SHA1
50 | ```
51 |
52 | ```
53 | openssl dgst -sha1 .crt
54 | ```
55 |
56 | ```
57 | sha1sum .crt
58 | ```
59 |
60 |
61 |
62 |
63 |
--------------------------------------------------------------------------------
/_data/README.md:
--------------------------------------------------------------------------------
1 | ## FPKI System Changes and Notifications Instructions
2 |
3 | ### Instructions to directly add the notifications to the yml file.
4 |
5 | Please follow the guidelines in this document to insert a system change or planned outage notification into the FPKI system change notifications.
6 |
7 | The data directory (data) in Github contains a YAML data file structured for notifications.
8 | - file is named notifications.yml.
9 | - format for the notification.yml is located at the beginning comment section of the yml file.
10 | - pages/notifications.md processes the data in the notifications.yml for display.
11 |
12 | The latest notification entry in notification.yml will be displayed at the top of the notification list. The other notifications are displayed in the descending order of the notification time.
13 |
14 | The notification data can be provided as a GitHub issue or via email. Once the notification data is received, a member of the FPKI team OR the submitting organization should follow the instructions below to add the notification to the list.
15 |
16 | Retrieve notification from GitHub Issue:
17 | 1. Access the FPKI-Guide issues list at https://github.com/GSA/fpki-guides/issues.
18 | 2. Select 'System Notification' tag.
19 | 3. Retrieve the latest issues under 'System Notification'.
20 | 4. Add an Issue comment to each that you are updating the System Notifications
21 |
22 | Retrieve notification from an email:
23 | 1. Retrieve the notification data from the email.
24 |
25 | Add the Notification to GitHub:
26 | 1. Access the following github notification file - https://github.com/GSA/fpki-guides/blob/staging/_data/notifications.yml
27 | 2. Click on the edit icon.
28 | 3. Copy/paste the notification content to the end of _data/notifications.yml file.
29 | 4. Add a dash "-" at the beginning of what you added (refer to existing notification entries for position and spacing).
30 | 4. Submit a Pull Request, OR commit directly to the staging branch if you have permissions
31 | - In your commit, add the comment "fixes " and the Issue _number_ that you are adding to the notifications page
32 | 5. Test the new entry with following url: https://federalist-proxy.app.cloud.gov/preview/gsa/fpki-guides/staging/notifications/#notifications
33 |
34 |
35 |
36 |
37 |
--------------------------------------------------------------------------------
/_engineer/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Federal Public Key Infrastructure Engineering Guides
4 | permalink: /engineer/
5 | collection: engineer
6 | ---
7 | ## Engineering Guides
8 |
9 | Federal Public Key Infrastructure engineering guides are to help engineers understand Federal Public Key Infrastructure certificates, manage configurations for tools and platforms, and provide code samples.
10 |
11 | We are migrating topics and content developed by the US Government and engineers, from sources that currently exists in word, pdf and other formats.
12 |
13 | Examples of topics we're working on:
14 |
15 | * How to identify cross-certificates in the Federal PKI?
16 | * What do sample certificates look like?
17 | * How to use the Authority Information Access (AIA) and Subject Information Access (SIA) information in a FPKI certificate?
18 | * How to digitally sign a document using Microsoft Word or Adobe PDF and have it be trusted?
19 | * How to digitally sign and encrypt an email and verify the signature?
20 | * How to digitally sign a document in the format expected by the Federal Register?
21 | * How to identify all the certificate chains in the Federal PKI?
22 |
23 |
24 | We invite you to contribute your knowledge! You can [contribute]({{ site.baseurl }}/contribute/) to this effort or open an [Issue]({{site.github.repository_url}}/issues) to discuss a need you may have for a guide.
25 |
--------------------------------------------------------------------------------
/_faq/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Frequently Asked Questions
4 | permalink: /faq/
5 | collection: faq
6 | ---
7 | ## Frequently Asked Questions
8 |
9 |
10 |
--------------------------------------------------------------------------------
/_includes/alert-error.html:
--------------------------------------------------------------------------------
1 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/_includes/microsoft_trust_store_removal_faqs.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | ### Where can I get the DHS Federal Network Resilience (FNR) Webinar slides?
4 | The FNR Webinar slides (.pdf) can be found [here.]({{site.baseurl}}/docs/FPKI_Trust_Removal_-_FNR_Webinar_07182018.pdf){:target="blank"}
5 |
6 | ### I'm still not sure I get it. Can you explain this change to me in a different way?
7 | - **Current State**: Microsoft distributes the Federal Common Policy CA (FCPCA) (i.e., COMMON) root certificate from its certificate store to all Microsoft workstations and devices. This means that Microsoft *trusts* COMMON as a *known root certification authority*. Because Microsoft *trusts* COMMON, it trusts all Federal PKI CA-issued certificates because they validate to COMMON.
8 | - **Future State**: When COMMON is removed from Microsoft’s certificate store, Microsoft *will not trust* COMMON or any Federal PKI CA-issued certificates. If an agency has not redistributed COMMON by this time, users could experience [authentication errors and other issues](#what-happens-if-i-dont-redistribute-common). **You can prevent errors and issues by redistributing COMMON as soon as possible.**
9 |
10 |
11 | ### What happens if I don’t redistribute COMMON?
12 |
13 | #### 1. (High Impact) Authentication failures:
14 | - Workstations
15 | - Websites
16 | - Applications (internal and cross-agency)
17 | - Virtual Private Networks (VPNs)
18 |
19 | #### 2. (Medium Impact) Error fatigue:
20 | - Unexpected application errors and system behavior for legacy and government-off-the-shelf (GOTS) products
21 |
22 | #### 3. (Low Impact) Digital-signature validation failures:
23 | - Email
24 | - Documents and files (e.g., Microsoft Word)
25 |
26 |
27 | ### What kinds of errors could I see?
28 |
29 | *Sample Chrome error when a user navigates to an intranet site whose SSL/TLS certificate doesn't chain to a trusted root CA:*
30 |
31 | 
32 |
33 | *Sample Chrome error when PIV authentication fails because the user’s certificate doesn't chain to a trusted root CA:*
34 |
35 | 
36 |
37 | *Sample Microsoft Outlook error when a digital signature certificate for an email doesn't chain to a trusted root CA:*
38 |
39 |
40 | 
41 |
42 | ### Which Microsoft products will be affected?
43 |
44 | | **Personal Computer** | **Server** |
45 | | :-------- | :-------- |
46 | | Windows 10 | Windows Server 2016 |
47 | | Windows 8.1 | Windows Server 2012/2012 R2 |
48 | | Windows 8 | Windows Server 2008/2008 R2 |
49 | | Windows 7 | |
50 | | Windows Vista | |
51 |
52 | If you use other Windows versions in your environment, please let us know (fpki@gsa.gov)!
53 |
54 | ### When will this change occur?
55 |
56 | The Federal PKI's target date for mitigation actions was *December 31, 2018*. We anticipate that COMMON will be removed from the Microsoft certificate store in early 2019.
57 |
58 | ### Is COMMON changing?
59 |
60 | No. *COMMON is **not** changing.* The only change will be the way in which COMMON is distributed to workstations and devices.
61 |
62 | ### How can I verify that COMMON has been successfully redistributed to my workstation or device?
63 |
64 | Please review [Verify Redistribution of COMMON](#verify-redistribution-of-common).
65 |
66 | ### Can multiple copies of COMMON coexist in my workstation's or device's certificate store?
67 |
68 | Yes! But don't worry - an enterprise-distributed copy of COMMON won't conflict with Microsoft's distributed copy.
69 |
70 | ### My agency gets PIV cards from [Issuer Name]. I won’t be affected by this change, right?
71 |
72 | Incorrect. Your PIV credential issuer and how agency credentials are generated or issued will *not* be impacted by this change. The impact relates to COMMON's removal from Microsoft's trust stores and how to mitigate this impact by redistributing COMMON to federal enterprise workstations and devices. (See [What happens if I don’t redistribute COMMON?](#what-happens-if-i-dont-redistribute-common).)
73 |
74 | ### Will my PIV credentials break or need to be updated or replaced when this change occurs?
75 |
76 | No. PIV credentials will *not* be affected by this change.
77 |
78 | ### Do I need to redistribute COMMON to my “Bring Your Own Device” (BYOD) program device?
79 |
80 | As a BYOD program device user, you'll need to redistribute COMMON if you:
81 | - Use your PIV credential to log into intranet sites or VPNs
82 | - Validate PIV digital signatures (emails or documents)
83 | - Navigate to intranet pages whose SSL/TLS certificates chain to COMMON
84 |
85 | ### Can I test the impact of Microsoft’s removal of COMMON?
86 |
87 | It is possible to simulate the Microsoft certificate store’s future state. It is **not** recommended due to the potential for **destructive outcomes**. If you're interested in learning more, please contact us at fpki@gsa.gov.
88 |
--------------------------------------------------------------------------------
/_includes/navbar.html:
--------------------------------------------------------------------------------
1 | Skip to main content
2 |
3 |
4 |
5 |
6 |
7 |
8 | An official website of the United States Government
9 |
10 |
11 |
43 |
44 | {% include analytics.html %}
45 |
46 |
47 |
--------------------------------------------------------------------------------
/_sass/_base.scss:
--------------------------------------------------------------------------------
1 | /**
2 | * Reset some basic elements
3 | */
4 | body, h1, h2, h3, h4, h5, h6,
5 | p, blockquote, pre, hr,
6 | dl, dd, ol, ul, figure {
7 | margin: 0;
8 | padding: 0;
9 | }
10 |
11 |
12 |
13 | /**
14 | * Basic styling
15 | */
16 | body {
17 | font-family: $base-font-family;
18 | font-size: $base-font-size;
19 | line-height: $base-line-height;
20 | font-weight: 300;
21 | color: $text-color;
22 | background-color: $background-color;
23 | -webkit-text-size-adjust: 100%;
24 | }
25 |
26 |
27 |
28 | /**
29 | * Set `margin-bottom` to maintain vertical rhythm
30 | */
31 | h1, h2, h3, h4, h5, h6,
32 | p, blockquote, pre,
33 | ul, ol, dl, figure,
34 | %vertical-rhythm {
35 | margin-bottom: $spacing-unit / 2;
36 | }
37 |
38 |
39 |
40 | /**
41 | * Images
42 | */
43 | img {
44 | max-width: 100%;
45 | vertical-align: middle;
46 | }
47 |
48 |
49 |
50 | /**
51 | * Figures
52 | */
53 | figure > img {
54 | display: block;
55 | }
56 |
57 | figcaption {
58 | font-size: $small-font-size;
59 | }
60 |
61 |
62 |
63 | /**
64 | * Lists
65 | */
66 | ul, ol {
67 | margin-left: $spacing-unit;
68 | }
69 |
70 | li {
71 | > ul,
72 | > ol {
73 | margin-bottom: 0;
74 | }
75 | }
76 |
77 |
78 |
79 | /**
80 | * Headings
81 | */
82 | h1, h2, h3, h4, h5, h6 {
83 | font-weight: 300;
84 | }
85 |
86 |
87 |
88 | /**
89 | * Links
90 | */
91 | a {
92 | color: $brand-color;
93 | text-decoration: none;
94 |
95 | &:visited {
96 | color: darken($brand-color, 15%);
97 | }
98 |
99 | &:hover {
100 | color: $text-color;
101 | text-decoration: underline;
102 | }
103 | }
104 |
105 |
106 |
107 | /**
108 | * Blockquotes
109 | */
110 | blockquote {
111 | color: $grey-color;
112 | border-left: 4px solid $grey-color-light;
113 | padding-left: $spacing-unit / 2;
114 | font-size: 18px;
115 | letter-spacing: -1px;
116 | font-style: italic;
117 |
118 | > :last-child {
119 | margin-bottom: 0;
120 | }
121 | }
122 |
123 |
124 |
125 | /**
126 | * Code formatting
127 | */
128 | pre,
129 | code {
130 | font-size: 15px;
131 | border: 1px solid $grey-color-light;
132 | border-radius: 3px;
133 | background-color: #cccccc;
134 | }
135 |
136 | code {
137 | padding: 1px 5px;
138 | }
139 |
140 | pre {
141 | padding: 8px 12px;
142 | overflow-x: scroll;
143 |
144 | > code {
145 | border: 0;
146 | padding-right: 0;
147 | padding-left: 0;
148 | }
149 | }
150 |
151 |
152 |
153 | /**
154 | * Wrapper
155 | */
156 | .wrapper {
157 | max-width: -webkit-calc(#{$content-width} - (#{$spacing-unit} * 2));
158 | max-width: calc(#{$content-width} - (#{$spacing-unit} * 2));
159 | margin-right: auto;
160 | margin-left: auto;
161 | padding-right: $spacing-unit;
162 | padding-left: $spacing-unit;
163 | @extend %clearfix;
164 |
165 | @include media-query($on-laptop) {
166 | max-width: -webkit-calc(#{$content-width} - (#{$spacing-unit}));
167 | max-width: calc(#{$content-width} - (#{$spacing-unit}));
168 | padding-right: $spacing-unit / 2;
169 | padding-left: $spacing-unit / 2;
170 | }
171 | }
172 |
173 |
174 |
175 | /**
176 | * Clearfix
177 | */
178 | %clearfix {
179 |
180 | &:after {
181 | content: "";
182 | display: table;
183 | clear: both;
184 | }
185 | }
186 |
187 |
188 |
189 | /**
190 | * Icons
191 | */
192 | .icon {
193 |
194 | > svg {
195 | display: inline-block;
196 | width: 16px;
197 | height: 16px;
198 | vertical-align: middle;
199 |
200 | path {
201 | fill: $grey-color;
202 | }
203 | }
204 | }
205 |
--------------------------------------------------------------------------------
/_sass/_layout.scss:
--------------------------------------------------------------------------------
1 | /**
2 | * Site header
3 | */
4 | .site-header {
5 | border-top: 5px solid $grey-color-dark;
6 | border-bottom: 1px solid $grey-color-light;
7 | min-height: 56px;
8 |
9 | // Positioning context for the mobile navigation icon
10 | position: relative;
11 | }
12 |
13 | .site-title {
14 | font-size: 26px;
15 | line-height: 56px;
16 | letter-spacing: -1px;
17 | margin-bottom: 0;
18 | float: left;
19 |
20 | &,
21 | &:visited {
22 | color: $grey-color-dark;
23 | }
24 | }
25 |
26 | .site-nav {
27 | float: right;
28 | line-height: 56px;
29 |
30 | .menu-icon {
31 | display: none;
32 | }
33 |
34 | .page-link {
35 | color: $text-color;
36 | line-height: $base-line-height;
37 |
38 | // Gaps between nav items, but not on the first one
39 | &:not(:first-child) {
40 | margin-left: 20px;
41 | }
42 | }
43 |
44 | @include media-query($on-palm) {
45 | position: absolute;
46 | top: 9px;
47 | right: 30px;
48 | background-color: $background-color;
49 | border: 1px solid $grey-color-light;
50 | border-radius: 5px;
51 | text-align: right;
52 |
53 | .menu-icon {
54 | display: block;
55 | float: right;
56 | width: 36px;
57 | height: 26px;
58 | line-height: 0;
59 | padding-top: 10px;
60 | text-align: center;
61 |
62 | > svg {
63 | width: 18px;
64 | height: 15px;
65 |
66 | path {
67 | fill: $grey-color-dark;
68 | }
69 | }
70 | }
71 |
72 | .trigger {
73 | clear: both;
74 | display: none;
75 | }
76 |
77 | &:hover .trigger {
78 | display: block;
79 | padding-bottom: 5px;
80 | }
81 |
82 | .page-link {
83 | display: block;
84 | padding: 5px 10px;
85 | }
86 | }
87 | }
88 |
89 |
90 | /**
91 | * Site footer
92 | */
93 | .site-footer {
94 | border-top: 1px solid $grey-color-light;
95 | padding: $spacing-unit 0;
96 | }
97 |
98 | .footer-heading {
99 | font-size: 18px;
100 | margin-bottom: $spacing-unit / 2;
101 | }
102 |
103 | .contact-list,
104 | .social-media-list {
105 | list-style: none;
106 | margin-left: 0;
107 | }
108 |
109 | .footer-col-wrapper {
110 | font-size: 15px;
111 | color: $grey-color;
112 | margin-left: -$spacing-unit / 2;
113 | @extend %clearfix;
114 | }
115 |
116 | .footer-col {
117 | float: left;
118 | margin-bottom: $spacing-unit / 2;
119 | padding-left: $spacing-unit / 2;
120 | }
121 |
122 | .footer-col-1 {
123 | width: -webkit-calc(35% - (#{$spacing-unit} / 2));
124 | width: calc(35% - (#{$spacing-unit} / 2));
125 | }
126 |
127 | .footer-col-2 {
128 | width: -webkit-calc(20% - (#{$spacing-unit} / 2));
129 | width: calc(20% - (#{$spacing-unit} / 2));
130 | }
131 |
132 | .footer-col-3 {
133 | width: -webkit-calc(45% - (#{$spacing-unit} / 2));
134 | width: calc(45% - (#{$spacing-unit} / 2));
135 | }
136 |
137 | @include media-query($on-laptop) {
138 | .footer-col-1,
139 | .footer-col-2 {
140 | width: -webkit-calc(50% - (#{$spacing-unit} / 2));
141 | width: calc(50% - (#{$spacing-unit} / 2));
142 | }
143 |
144 | .footer-col-3 {
145 | width: -webkit-calc(100% - (#{$spacing-unit} / 2));
146 | width: calc(100% - (#{$spacing-unit} / 2));
147 | }
148 | }
149 |
150 | @include media-query($on-palm) {
151 | .footer-col {
152 | float: none;
153 | width: -webkit-calc(100% - (#{$spacing-unit} / 2));
154 | width: calc(100% - (#{$spacing-unit} / 2));
155 | }
156 | }
157 |
158 |
159 |
160 | /**
161 | * Page content
162 | */
163 | .page-content {
164 | padding: $spacing-unit 0;
165 | }
166 |
167 | .page-heading {
168 | font-size: 20px;
169 | }
170 |
171 | .post-list {
172 | margin-left: 0;
173 | list-style: none;
174 |
175 | > li {
176 | margin-bottom: $spacing-unit;
177 | }
178 | }
179 |
180 | .post-meta {
181 | font-size: $small-font-size;
182 | color: $grey-color;
183 | }
184 |
185 | .post-link {
186 | display: block;
187 | font-size: 24px;
188 | }
189 |
190 |
191 |
192 | /**
193 | * Posts
194 | */
195 | .post-header {
196 | margin-bottom: $spacing-unit;
197 | }
198 |
199 | .post-title {
200 | font-size: 42px;
201 | letter-spacing: -1px;
202 | line-height: 1;
203 |
204 | @include media-query($on-laptop) {
205 | font-size: 36px;
206 | }
207 | }
208 |
209 | .post-content {
210 | margin-bottom: $spacing-unit;
211 |
212 | h2 {
213 | font-size: 32px;
214 |
215 | @include media-query($on-laptop) {
216 | font-size: 28px;
217 | }
218 | }
219 |
220 | h3 {
221 | font-size: 26px;
222 |
223 | @include media-query($on-laptop) {
224 | font-size: 22px;
225 | }
226 | }
227 |
228 | h4 {
229 | font-size: 20px;
230 |
231 | @include media-query($on-laptop) {
232 | font-size: 18px;
233 | }
234 | }
235 | }
236 |
--------------------------------------------------------------------------------
/_sass/_syntax-highlighting.scss:
--------------------------------------------------------------------------------
1 | /**
2 | * Syntax highlighting styles
3 | */
4 | .highlight {
5 | background: #fff;
6 | @extend %vertical-rhythm;
7 |
8 | .c { color: #998; font-style: italic } // Comment
9 | .err { color: #a61717; background-color: #e3d2d2 } // Error
10 | .k { font-weight: bold } // Keyword
11 | .o { font-weight: bold } // Operator
12 | .cm { color: #998; font-style: italic } // Comment.Multiline
13 | .cp { color: #999; font-weight: bold } // Comment.Preproc
14 | .c1 { color: #998; font-style: italic } // Comment.Single
15 | .cs { color: #999; font-weight: bold; font-style: italic } // Comment.Special
16 | .gd { color: #000; background-color: #fdd } // Generic.Deleted
17 | .gd .x { color: #000; background-color: #faa } // Generic.Deleted.Specific
18 | .ge { font-style: italic } // Generic.Emph
19 | .gr { color: #a00 } // Generic.Error
20 | .gh { color: #999 } // Generic.Heading
21 | .gi { color: #000; background-color: #dfd } // Generic.Inserted
22 | .gi .x { color: #000; background-color: #afa } // Generic.Inserted.Specific
23 | .go { color: #888 } // Generic.Output
24 | .gp { color: #555 } // Generic.Prompt
25 | .gs { font-weight: bold } // Generic.Strong
26 | .gu { color: #aaa } // Generic.Subheading
27 | .gt { color: #a00 } // Generic.Traceback
28 | .kc { font-weight: bold } // Keyword.Constant
29 | .kd { font-weight: bold } // Keyword.Declaration
30 | .kp { font-weight: bold } // Keyword.Pseudo
31 | .kr { font-weight: bold } // Keyword.Reserved
32 | .kt { color: #458; font-weight: bold } // Keyword.Type
33 | .m { color: #099 } // Literal.Number
34 | .s { color: #d14 } // Literal.String
35 | .na { color: #008080 } // Name.Attribute
36 | .nb { color: #0086B3 } // Name.Builtin
37 | .nc { color: #458; font-weight: bold } // Name.Class
38 | .no { color: #008080 } // Name.Constant
39 | .ni { color: #800080 } // Name.Entity
40 | .ne { color: #900; font-weight: bold } // Name.Exception
41 | .nf { color: #900; font-weight: bold } // Name.Function
42 | .nn { color: #555 } // Name.Namespace
43 | .nt { color: #000080 } // Name.Tag
44 | .nv { color: #008080 } // Name.Variable
45 | .ow { font-weight: bold } // Operator.Word
46 | .w { color: #bbb } // Text.Whitespace
47 | .mf { color: #099 } // Literal.Number.Float
48 | .mh { color: #099 } // Literal.Number.Hex
49 | .mi { color: #099 } // Literal.Number.Integer
50 | .mo { color: #099 } // Literal.Number.Oct
51 | .sb { color: #d14 } // Literal.String.Backtick
52 | .sc { color: #d14 } // Literal.String.Char
53 | .sd { color: #d14 } // Literal.String.Doc
54 | .s2 { color: #d14 } // Literal.String.Double
55 | .se { color: #d14 } // Literal.String.Escape
56 | .sh { color: #d14 } // Literal.String.Heredoc
57 | .si { color: #d14 } // Literal.String.Interpol
58 | .sx { color: #d14 } // Literal.String.Other
59 | .sr { color: #009926 } // Literal.String.Regex
60 | .s1 { color: #d14 } // Literal.String.Single
61 | .ss { color: #990073 } // Literal.String.Symbol
62 | .bp { color: #999 } // Name.Builtin.Pseudo
63 | .vc { color: #008080 } // Name.Variable.Class
64 | .vg { color: #008080 } // Name.Variable.Global
65 | .vi { color: #008080 } // Name.Variable.Instance
66 | .il { color: #099 } // Literal.Number.Integer.Long
67 | }
68 |
--------------------------------------------------------------------------------
/_tools/01_fpki_graph.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Federal PKI Graph
4 | collection: tools
5 | permalink: tools/fpkigraph/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/tools/fpkigraph/
7 | ---
8 | **Last Update**: April 05, 2021
9 | {% include graph.html %}
10 |
11 | The FPKI Graph displays the relationships between the Certification Authorities in the Federal PKI (FPKI) ecosystem. It graphically depicts how each Certification Authority links to another, through cross-certificates, subordinate certificates, or Bridge CAs.
12 |
13 | The Federal Common Policy Certification Authority (CA) G2 (_"COMMON"_) is shown at the center of the Graph, and the rings of dots represent the outbound CAs.
14 |
15 | - Click on any dot in the Graph to see a CA's inbound and outbound _CA_ certificates.
16 | - _Inbound_ means the CA certificate is signed by the _Inbound_ CA.
17 | - _Outbound_ means the CA has signed the _Outbound_ CA certificate.
18 | - The _Search_ function is on the upper right-hand corner.
19 | - The _Zoom_ scroll bar is in the upper left-hand corner.
20 |
21 | You cannot download the certificates from the Graph. To download the certificates, you need to retrieve the certificates from the Authority Information Access (AIA) or Subject Information Access (SIA) URIs. (See below for more information on AIAs and SIAs.)
22 |
23 | ### How the FPKI Graph Works
24 |
25 | The Graph uses information published in each CA certificate's AIA and SIA extensions. This is public information: all CAs in the FPKI are required to publish and maintain their AIA certificate bundles.
26 |
27 | All CA and End Entity certificates that have a certificate path (trust chain) to COMMON will have an AIA extension in their public certificates. An AIA extension contains a URI where you can find the certificate(s) used to sign that CA or End Entity certificate.
28 |
29 | Most CA certificates will also have an SIA extension with a URI to the CA certificates that have been issued **_by that CA_**. For example, you can find the SIA for COMMON at http://repo.fpki.gov/fcpca/caCertsIssuedByfcpcag2.p7c.
30 |
31 | - To use this SIA, retrieve the file (.p7c) using the link above and open it.
32 | - You will find a dozen or more certificates that are issued by COMMON (Root) to other intermediate or issuing CAs.
33 | - The SIA URIs from each of these certificates can then be retrieved to find the next set of signed certificates.
34 |
35 | ### Acknowledgment
36 |
37 | The FPKI Graph was built by using the same tools and code as the [Berkley ICSI SSL Notary](https://notary.icsi.berkeley.edu/trust-tree/){:target="_blank"}.
38 |
--------------------------------------------------------------------------------
/_tools/03_fpki_activity_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Federal PKI Activity Report
4 | collection: tools
5 | permalink: tools/fpkiactivityreport/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/tools/fpkiar/
7 | ---
8 |
9 | Updated: April 11, 2021
10 |
11 | This report provides a technical and policy compliance status for each Federal Public Key Infrastructure (FPKI) Affiliate.
12 |
13 | - [FPKI Affiliate Status Summary](#fpki-affiliate-status-summary)
14 | - [FPKI Management Authority Certificate Activity](#fpkima-certificate-activity)
15 | - [FPKI Repository Availability](#repository-availability)
16 |
17 | Resolve issues by contacting one of the teams:
18 |
19 | - Technical issues contact the [FPKIMA Team](mailto:fpki-help@gsa.gov)
20 | - Certificate Policy issues contact the [Certificate Policy Working Group (CPWG)](mailto:fpkipa_cpwg@listserv.gsa.gov)
21 |
22 | ## Federal Agency and Affiliate PKI Status Summary
23 | The operational status for each Federal Agency or affiliate connected to the Federal Common Policy CA (FCPCA) or the Federal Bridge CA (FBCA) is summarized below. The overall operational status identifies issues that affect technical interoperability and non-compliance with applicable Certificate Policies (CP). The status is not used for any other purpose such as ranking or rating.
24 |
25 | {% include fpkiar-status-table.html %}
26 |
27 | ## FPKIMA Certificate Activity
28 | The activity listed in this section is limited to the certificates issued BY or TO the Federal Bridge or Federal Common Policy CA.
29 |
30 | The following certificates were issued or published to the FPKI Trust Infrastructure in the last 30 days.
31 |
32 | | Affiliate | Subject CA | Issuing CA | Serial # & SHA-1 Hash | Issued Date |
33 | | --------- | ---------- | ---------- | --------------------- | ----------- |
34 | | N/A | - | - | - | - |
35 |
36 | The following certificates were removed from the FPKI Trust Infrastructure in the last 30 days.
37 |
38 | | Affiliate | Subject CA | Issuing CA | Serial # & SHA-1 Hash | Expiration Date | Action |
39 | | --------- | ---------- | ---------- | --------------------- | ----------- | ----------- |
40 | | FPKIMA | SAFE Bridge CA 02 | Federal Bridge CA G4 | Serial: 18a4dd0c2b5068bf964e3f333e76821f1594042b Hash: 600319e6c322229f88e0f434ba96fb0dfd00252e | 6/7/21 | Revoked |
41 | | FPKIMA | CertiPath Bridge CA - G2 | Federal Bridge CA G4 | Serial: 154d6e5eb1df740a2588ca6e27d3b557829a0dfc Hash: 3bfc4df881682f8846bff486d422025aee7494d8 | 12/12/22 | Revoked |
42 |
43 | The following certificates are planned for a certificate action in the near future, dates to be determined based on availability.
44 |
45 | | Affiliate | Subject CA | Issuing CA | Serial # & SHA-1 Hash | Expiration Date | Action |
46 | | --------- | ---------- | ---------- | --------------------- | --------------- | ------ |
47 | | FPKIMA | Federal Bridge CA G4 | Federal Common Policy CA | Serial: 7994 Hash: e836f3016bfb6e8df274f27fd8a4a5054517b0f1 | 12/12/21 | Revocation – 4/22/20 |
48 | | FPKIMA | Federal Common Policy CA | Federal Bridge CA G4 | Serial: 198ef944a16068e7c0b85cd2f5b2cfb5de8b2174 Hash: fb3f5e09cac4fe4066f6c48cce31feca02fea677 | 6/30/21 | Revocation – 4/22/20 |
49 | | FPKIMA | U.S. Department of State AD Root CA | Federal Common Policy CA | Serial: 79f9 Hash: ce11590010562a39ad8b1455acf76c03737aebf6 | 12/18/22 | Revocation – 4/22/20 |
50 | | FPKIMA | ORC SSP 4 | Federal Common Policy CA | Serial: 2ef9 Hash: 3a70323069a4c41bc95663152e9ccc7111bb0623 | 1/21/24 | Revocation – 4/22/20 |
51 | | FPKIMA | Symantec SSP Intermediate CA - G4 | Federal Common Policy CA | Serial: 258e Hash: 6a382438fd21037018daf3f422a2132bea2be817 | 11/12/24 | Revocation – 4/22/20 |
52 | | FPKIMA | DigiCert Federal SSP Intermediate CA - G5 | Federal Common Policy CA | Serial: 66c0 Hash: 98b58247ac8a2bc6f348f03e8d22884d8345fc0f | 12/13/28 | Revocation – 4/22/20 |
53 | | FPKIMA | Verizon SSP CA A2 | Federal Common Policy CA | Serial: 65f8 Hash: 477bf4017d25cde276cdddf756d40ca591d76f6d | 12/6/26 | Revocation – 4/22/20 |
54 | | FPKIMA | US Treasury Root CA | Federal Common Policy CA | Serial: 6405 Hash: 5a87922b5eaf1d63198a951b2ab6f59b2f16c131 | 8/29/21 | Revocation 6/10 |
55 | | FPKIMA | US Treasury Root CA | Federal Common Policy CA | Serial: 734b Hash: 48ce02a99ae2cc4f790f2989aa153ed565b7e4d2 | 8/14/22| Revocation 6/10 |
56 | | FPKIMA | Entrust Managed Services Root CA | Federal Common Policy CA | Serial: 2e26 Hash: 39c1d3b64e756a3267bfe5fecb103da892ca0611 | 7/30/25 | Revocation 6/17 |
57 | | FPKIMA | Entrust Managed Services Root CA | Federal Common Policy CA | Serial: 734a Hash: a09655170c87d0fbfe0328b99a7baf4a1cf0b5d9 | 8/14/29 | Revocation 6/17 |
58 | | FPKIMA | IdenTrust Global Common Root CA 1 | Federal Bridge CA G4 | Serial: 1659bceb348e6bbd33832c8284c35d7975c8d3c6 Hash: 2800ea6ecdeb8efc1cf4c042d712e8622e0cbb1a | 8/21/21 | Renew |
59 |
60 |
61 |
62 | ## Repository Availability
63 | Repository availability is an uptime metric for Certificate Revocation List availability, based on monitoring by the FPKIMA. The table only contains Certification Authorities directly signed by the Federal Common Policy Root CA, Federal Common Policy Root G2 or Federal Bridge CA G4. A metric of "99" in the table below means the Certificate Revocation List was available for 99% of the given month, in other words, the file was not available for 1% of the month. The last column is the 12-month average.
64 |
65 | {% include fpkiar-repo-table.html %}
66 |
--------------------------------------------------------------------------------
/_tools/0_index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Useful Tools
4 | collection: tools
5 | permalink: /tools/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/tools/
7 | ---
8 |
9 | We are always collecting useful tools and links that will help you understand and use the Federal Public Key Infrastructure. The table below provides a list of useful tools.
10 |
11 | Please consider contributing any of your favorite tools to this effort!
12 |
13 | **Tool** | **Link** | **Purpose/Use** | **Audience**
14 | --- | --- | --- | ---
15 | FPKI Graph | [https://fpki.idmanagement.gov/tools/fpkigraph/](fpkigraph) | This is an interactive website that is updated weekly to display the hundreds of certification authorities that make up the FPKI and how they are connected. | Program Managers; System Engineers
16 | Certutil | [MSDN Link](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil){:target="_blank"}{:rel="noopener noreferrer"} | Certutil.exe is a Microsoft Windows command-line utility that provides many uses including exporting PIV certificates and validating certificates Example of using the certutil command to verify PIV certificates | System Engineers
17 | Personal Identify Verification (PIV) Cert Validator Tool | [https://pv.test.max.gov/](https://pv.test.max.gov/){:target="_blank"}{:rel="noopener noreferrer"} | The PIV Certificate Validator is a web site application hosted by Max.gov. It assists in verifying the certificates found on a PIV card. | System Engineers
18 | PKI Interoperability Test Tool (PITT) for Microsoft Windows | [http://pkif.sourceforge.net/pitt.html](http://pkif.sourceforge.net/pitt.html){:target="_blank"}{:rel="noopener noreferrer"} | The PKI Interoperability Test Tool (PITT) is a utility intended for PKI integrators. It allows inspection and troubleshooting of certification path processing for a given PKI using both PKIF and Microsoft CAPI. It’s especially useful for identifying a portion of your PKI that may be causing performance problems. | System Engineers
19 | FPKI CRL Miner | [GitHub Link](https://github.com/grandamp/CRLMiner){:target="_blank"}{:rel="noopener noreferrer"} | A work in progress Open Source GitHub repository to validate all HTTP CRL URLs for the Federal PKI. | System Engineers
20 |
--------------------------------------------------------------------------------
/_tools/CACertificatesValidatingToFederalCommonPolicy.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/_tools/CACertificatesValidatingToFederalCommonPolicy.p7b
--------------------------------------------------------------------------------
/_tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/_tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b
--------------------------------------------------------------------------------
/_truststores/00_index.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Trust Stores
4 | collection: truststores
5 | permalink: /truststores/
6 | redirect_to: https://playbooks.idmanagement.gov/fpki/trust-stores/
7 | ---
8 |
9 | This is a high-level overview of trust stores (also called *certificate stores*) and a list of commonly used trust stores and settings.
10 |
11 | * [What is a trust store?](#what-is-a-trust-store)
12 | * [What are the most commonly used trust stores?](#what-are-the-most-commonly-used-trust-stores)
13 | * [What Federal PKI certificate policies are trusted by Adobe and how do I see them?](#what-federal-pki-certificate-policies-are-trusted-by-adobe-and-how-do-I-them)
14 |
15 | ### What is a trust store?
16 | There are millions of identity certificates issued to people and devices around the world. Certificates constantly change as some are revoked and others are issued—far too many for your computer to maintain an up-to-date list.
17 |
18 | Instead, a trust store (a list of **trusted root certificates**) is maintained. When you are presented with a person or device certificate from a PIV credential, website, email, or some other digital item, your operating system or application will check to see whether the certificate has a valid path to one of the trusted root certificates in its trust store.
19 |
20 | ### What are the most commonly used trust stores?
21 | Operating systems, browsers, and some commercial software use trust stores to verify whether a certificate with which you are being presented should be trusted.
22 |
23 | Here are some common trust stores. If the Federal Common Policy CA (FCPCA) (i.e., COMMON) root certificate is included in a trust store and distributed by _default_, the _Includes FCPCA (COMMON)?_ column below will say _Yes_.
24 |
25 | Trust Store|Includes FCPCA (COMMON)?|Includes FCPCA G2|Trust Store Manager|Platforms Serviced|Program Information Location
26 | ---|---|---|---|---|---
27 | Microsoft Trusted Root Certificate Program|Yes (COMMON removal pending)| No |Microsoft Management Console|Windows OS, Internet Explorer Browser, Outlook|http://aka.ms/RootCert
28 | Apple Root Certificate Program|No|No|Keychain Access Utility|macOS, iOS, tvOS, WatchOS, Safari Browser|https://www.apple.com/certificateauthority/ca_program.html
29 | Mozilla Network Security Services (NSS)|No |No|Browser trust store|Firefox, Thunderbird, Linux Operating Systems|https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
30 | Adobe Approved Trust List|Yes|No|Application trust store|Adobe Acrobat|https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html
31 | Java Root Certificate Program|No|No|Java Applet|Java Distributions|http://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html
32 | Google|No|No|Google Admin Console|Android OS, Chromium OS|https://www.chromium.org/Home/chromium-security/root-ca-policy
33 | Opera|Uses Mozilla
34 |
35 | {% include alert-info.html content="Google Chrome uses the trust store of the operating system on Microsoft, Apple, and Android systems. Linux-based systems distribute the Mozilla NSS Library, which may be modified by each version of Linux." %}
36 |
37 | ### What Federal PKI certificate policies are trusted by Adobe and how do I see them?
38 |
39 | A common question is *which certificate policy object identifiers (OIDs) are trusted?* The Federal PKI certificate policy OIDs trusted by Adobe are:
40 |
41 | | Certificate Policies | OIDs | Certificate Use |
42 | |:---------------------|:-----|:----------------|
43 | | Common Hardware | 2.16.840.1.101.3.2.1.3.7 | PIV and Federal Bridge Medium Hardware Token |
44 | | Federal Bridge Medium Hardware Commercial Best Practice | 2.16.840.1.101.3.2.1.3.15 | Federal Bridge Medium Hardware Token (PKI Trusted Roles may not be U.S. citizens) |
45 | | Common High | 2.16.840.1.101.3.2.1.3.16 | High Assurance Policy |
46 | | PIV-I Hardware | 2.16.840.1.101.3.2.1.3.18 | PIV-Interoperable |
47 |
48 | Federal PKI certificates may be used for digitally signing documents between federal agencies and with business partners. Adobe is just one option used for digital signatures.
49 |
50 | To see and verify which Federal PKI certificate policy OIDs are trusted by Adobe Acrobat:
51 |
52 | 1. Open Adobe Acrobat.
53 | 1. _Edit_ > _Preferences_ > _Signatures_ > _Identities & Trusted Certificates_ > _More_.
54 | 2. Choose _Trusted Certificates_ from the left-hand sidebar.
55 | 3. Choose _Federal Common Policy CA_ and then the _Certificate Details_ tab.
56 | 3. Choose the _Certificate Viewer_ window, and click the _Policies_ tab to see _Policy Restrictions_.
57 | 4. In _Certificate Policies_, you will see a comma-separated list of policy OIDs.
58 |
--------------------------------------------------------------------------------
/_truststores/FPKIRootDetection.bes:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Federal Common Policy CA Redistribution Detection
5 | This analysis will detect whether COMMON has been redistributed via GPO or Active Directory.
6 |
Depending on how COMMON is redistributed to end-points, one of two pairs of registry keys is created:
7 |
AD Distribution - HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1\ - HKLM:\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1\
8 |
GPO Distribution - HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1\ - HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1\
9 |
Results: If one of these pairs is detected, the analysis will return a value of "TRUE".
]]>
10 | true
11 | Internal
12 | 2018-11-30
13 |
14 | x-fixlet-modification-time
15 | Tue, 11 Dec 2018 18:02:27 +0000
16 |
17 | BES
18 | operating system
19 | ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of native registry)) OR ((exists key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry))) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of native registry) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of native registry)) OR ((exists key "HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)) AND (exists key "HKLM\SOFTWARE\WOW6432Node\Microsoft\EnterpriseCertificates\Root\Certificates\905F942FD9F28F679B378180FD4F846347F645C1" of (if x64 of operating system then (x32 registry; x64 registry) else x32 registry)))
20 |
21 |
22 |
--------------------------------------------------------------------------------
/_truststores/_archive/01_msft_removal_solutions.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: Microsoft Removal Solutions
4 | title: Microsoft Removal Solutions
5 | collection: truststores
6 | permalink: truststores/microsoft/
7 | ---
8 | In FY 2019, the U.S. Government is removing the Federal Common Policy Certification Authority (CA) root certificate from the Microsoft certificate store (also called a *trust store*). This change will affect all federal agencies and may have an impact on the following services:
9 |
10 | - Personal Identity Verification (PIV) credential authentication to the government networks
11 | - Agency web applications implementing client authentication (e.g., PIV authentication)
12 | - Authentication to Office 365
13 | - Validation of digital signatures
14 | - Other applications leveraging the Microsoft certificate store
15 |
16 | To mitigate any impact this change may have on agency networks and applications, you will need to manually retrieve the FCPCA (i.e., COMMON) root certificate (sometimes also called the U.S. Government root CA certificate), import this certificate into agency enterprise certificate stores, and ensure that this change is propagated throughout the networks.
17 |
18 | The root certificate is available immediately and will remain unchanged. Please follow one of the options under [Solutions](#solutions) to mitigate negative impacts.
19 |
20 | - [Solutions](#solutions)
21 | - [Verify Redistribution of COMMON](#verify-redistribution-of-common)
22 | - [Frequently Asked Questions](#frequently-asked-questions)
23 |
24 | {% include alert-warning.html content="All agencies are encouraged to complete this action as soon as possible." %}
25 |
26 |
27 | ## Solutions
28 | {% include microsoft_trust_store_installation.md %}
29 |
30 |
31 | ## Verify Redistribution of COMMON
32 | {% include microsoft_trust_store_verification.md %}
33 |
34 |
35 | ## Frequently Asked Questions
36 | {% include microsoft_trust_store_removal_faqs.md %}
37 |
--------------------------------------------------------------------------------
/_truststores/_archive/02_appl_removal_solutions.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | navtitle: Apple Removal Solutions
4 | title: Apple Removal Solutions
5 | collection: truststores
6 | permalink: truststores/apple/
7 | ---
8 | In September 2018, the U.S. Government removed the Federal Common Policy Certification Authority (CA) root certificate from the Apple certificate stores. This change affected all federal agency devices using Apple macOS Mojave, iOS 12, or tvOS 12 and may have an impact on the following services:
9 |
10 | - Personal Identity Verification (PIV) credential authentication to government networks
11 | - Agency web applications implementing client authentication (e.g., PIV authentication)
12 | - Validation of digital signatures
13 | - Other applications that leverage the Apple certificate stores
14 |
15 | The root certificate is available immediately and will remain unchanged. Please use one of the [Solutions](#solutions) to mitigate negative impacts.
16 | - [Solutions](#solutions)
17 | - [Frequently Asked Questions](#frequently-asked-questions)
18 |
19 |
20 | ## Solutions ##
21 | {% include apple_trust_store_installation.md %}
22 |
23 |
24 | ## Frequently Asked Questions
25 | {% include apple_trust_store_removal_faqs.md %}
26 |
--------------------------------------------------------------------------------
/assets/css/images/ui-bg_glass_100_f6f6f6_1x400.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/css/images/ui-bg_glass_100_f6f6f6_1x400.png
--------------------------------------------------------------------------------
/assets/css/images/ui-bg_glass_100_fdf5ce_1x400.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/css/images/ui-bg_glass_100_fdf5ce_1x400.png
--------------------------------------------------------------------------------
/assets/css/images/ui-bg_glass_65_ffffff_1x400.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/css/images/ui-bg_glass_65_ffffff_1x400.png
--------------------------------------------------------------------------------
/assets/css/images/ui-bg_gloss-wave_35_f6a828_500x100.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/css/images/ui-bg_gloss-wave_35_f6a828_500x100.png
--------------------------------------------------------------------------------
/assets/css/jquery-ui.structure.min.css:
--------------------------------------------------------------------------------
1 | /*! jQuery UI - v1.11.4 - 2015-12-09
2 | * http://jqueryui.com
3 | * Copyright jQuery Foundation and other contributors; Licensed MIT */
4 |
5 | .ui-helper-hidden{display:none}.ui-helper-hidden-accessible{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:100%;list-style:none}.ui-helper-clearfix:before,.ui-helper-clearfix:after{content:"";display:table;border-collapse:collapse}.ui-helper-clearfix:after{clear:both}.ui-helper-clearfix{min-height:0}.ui-helper-zfix{width:100%;height:100%;top:0;left:0;position:absolute;opacity:0;filter:Alpha(Opacity=0)}.ui-front{z-index:100}.ui-state-disabled{cursor:default!important}.ui-icon{display:block;text-indent:-99999px;overflow:hidden;background-repeat:no-repeat}.ui-widget-overlay{position:fixed;top:0;left:0;width:100%;height:100%}.ui-resizable{position:relative}.ui-resizable-handle{position:absolute;font-size:0.1px;display:block;-ms-touch-action:none;touch-action:none}.ui-resizable-disabled .ui-resizable-handle,.ui-resizable-autohide .ui-resizable-handle{display:none}.ui-resizable-n{cursor:n-resize;height:7px;width:100%;top:-5px;left:0}.ui-resizable-s{cursor:s-resize;height:7px;width:100%;bottom:-5px;left:0}.ui-resizable-e{cursor:e-resize;width:7px;right:-5px;top:0;height:100%}.ui-resizable-w{cursor:w-resize;width:7px;left:-5px;top:0;height:100%}.ui-resizable-se{cursor:se-resize;width:12px;height:12px;right:1px;bottom:1px}.ui-resizable-sw{cursor:sw-resize;width:9px;height:9px;left:-5px;bottom:-5px}.ui-resizable-nw{cursor:nw-resize;width:9px;height:9px;left:-5px;top:-5px}.ui-resizable-ne{cursor:ne-resize;width:9px;height:9px;right:-5px;top:-5px}.ui-accordion .ui-accordion-header{display:block;cursor:pointer;position:relative;margin:2px 0 0 0;padding:.5em .5em .5em .7em;min-height:0;font-size:100%}.ui-accordion .ui-accordion-icons{padding-left:2.2em}.ui-accordion .ui-accordion-icons .ui-accordion-icons{padding-left:2.2em}.ui-accordion .ui-accordion-header .ui-accordion-header-icon{position:absolute;left:.5em;top:50%;margin-top:-8px}.ui-accordion .ui-accordion-content{padding:1em 2.2em;border-top:0;overflow:auto}.ui-button{display:inline-block;position:relative;padding:0;line-height:normal;margin-right:.1em;cursor:pointer;vertical-align:middle;text-align:center;overflow:visible}.ui-button,.ui-button:link,.ui-button:visited,.ui-button:hover,.ui-button:active{text-decoration:none}.ui-button-icon-only{width:2.2em}button.ui-button-icon-only{width:2.4em}.ui-button-icons-only{width:3.4em}button.ui-button-icons-only{width:3.7em}.ui-button .ui-button-text{display:block;line-height:normal}.ui-button-text-only .ui-button-text{padding:.4em 1em}.ui-button-icon-only .ui-button-text,.ui-button-icons-only .ui-button-text{padding:.4em;text-indent:-9999999px}.ui-button-text-icon-primary .ui-button-text,.ui-button-text-icons .ui-button-text{padding:.4em 1em .4em 2.1em}.ui-button-text-icon-secondary .ui-button-text,.ui-button-text-icons .ui-button-text{padding:.4em 2.1em .4em 1em}.ui-button-text-icons .ui-button-text{padding-left:2.1em;padding-right:2.1em}input.ui-button{padding:.4em 1em}.ui-button-icon-only .ui-icon,.ui-button-text-icon-primary .ui-icon,.ui-button-text-icon-secondary .ui-icon,.ui-button-text-icons .ui-icon,.ui-button-icons-only .ui-icon{position:absolute;top:50%;margin-top:-8px}.ui-button-icon-only .ui-icon{left:50%;margin-left:-8px}.ui-button-text-icon-primary .ui-button-icon-primary,.ui-button-text-icons .ui-button-icon-primary,.ui-button-icons-only .ui-button-icon-primary{left:.5em}.ui-button-text-icon-secondary .ui-button-icon-secondary,.ui-button-text-icons .ui-button-icon-secondary,.ui-button-icons-only .ui-button-icon-secondary{right:.5em}.ui-buttonset{margin-right:7px}.ui-buttonset .ui-button{margin-left:0;margin-right:-.3em}input.ui-button::-moz-focus-inner,button.ui-button::-moz-focus-inner{border:0;padding:0}.ui-tabs{position:relative;padding:.2em}.ui-tabs .ui-tabs-nav{margin:0;padding:.2em .2em 0}.ui-tabs .ui-tabs-nav li{list-style:none;float:left;position:relative;top:0;margin:1px .2em 0 0;border-bottom-width:0;padding:0;white-space:nowrap}.ui-tabs .ui-tabs-nav .ui-tabs-anchor{float:left;padding:.5em 1em;text-decoration:none}.ui-tabs .ui-tabs-nav li.ui-tabs-active{margin-bottom:-1px;padding-bottom:1px}.ui-tabs .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor,.ui-tabs .ui-tabs-nav li.ui-state-disabled .ui-tabs-anchor,.ui-tabs .ui-tabs-nav li.ui-tabs-loading .ui-tabs-anchor{cursor:text}.ui-tabs-collapsible .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor{cursor:pointer}.ui-tabs .ui-tabs-panel{display:block;border-width:0;padding:1em 1.4em;background:none}
--------------------------------------------------------------------------------
/assets/img/alerts/error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/alerts/error.png
--------------------------------------------------------------------------------
/assets/img/alerts/error.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
18 |
--------------------------------------------------------------------------------
/assets/img/alerts/info.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/alerts/info.png
--------------------------------------------------------------------------------
/assets/img/alerts/info.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
19 |
--------------------------------------------------------------------------------
/assets/img/alerts/success.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/alerts/success.png
--------------------------------------------------------------------------------
/assets/img/alerts/success.svg:
--------------------------------------------------------------------------------
1 |
13 |
--------------------------------------------------------------------------------
/assets/img/alerts/test.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/assets/img/alerts/warning.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/alerts/warning.png
--------------------------------------------------------------------------------
/assets/img/alerts/warning.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
17 |
--------------------------------------------------------------------------------
/assets/img/change_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/change_page.png
--------------------------------------------------------------------------------
/assets/img/code_tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/code_tab.png
--------------------------------------------------------------------------------
/assets/img/create_github_account.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/create_github_account.png
--------------------------------------------------------------------------------
/assets/img/create_new_issue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/create_new_issue.png
--------------------------------------------------------------------------------
/assets/img/edit_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/edit_page.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-114.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-114.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-144.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-144.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-16.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-192.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-57.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-57.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon-72.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon-72.png
--------------------------------------------------------------------------------
/assets/img/favicons/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon.ico
--------------------------------------------------------------------------------
/assets/img/favicons/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/favicons/favicon.png
--------------------------------------------------------------------------------
/assets/img/fleches-horiz.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/fleches-horiz.png
--------------------------------------------------------------------------------
/assets/img/fork.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/fork.png
--------------------------------------------------------------------------------
/assets/img/issue_title.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/issue_title.png
--------------------------------------------------------------------------------
/assets/img/logo-cio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/logo-cio.png
--------------------------------------------------------------------------------
/assets/img/logo-gsa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/logo-gsa.png
--------------------------------------------------------------------------------
/assets/img/loupe-edges.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/loupe-edges.png
--------------------------------------------------------------------------------
/assets/img/plusmoins.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/plusmoins.png
--------------------------------------------------------------------------------
/assets/img/preview_page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/preview_page.png
--------------------------------------------------------------------------------
/assets/img/propose_change.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/propose_change.png
--------------------------------------------------------------------------------
/assets/img/pull_request.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/pull_request.png
--------------------------------------------------------------------------------
/assets/img/pull_tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/pull_tab.png
--------------------------------------------------------------------------------
/assets/img/search.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/search.gif
--------------------------------------------------------------------------------
/assets/img/search.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/img/submit_new_issue.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/submit_new_issue.png
--------------------------------------------------------------------------------
/assets/img/us_flag_small.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/us_flag_small.png
--------------------------------------------------------------------------------
/assets/img/watch_project.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/img/watch_project.png
--------------------------------------------------------------------------------
/assets/js/accordion.js:
--------------------------------------------------------------------------------
1 | function Accordion($el) {
2 | var self = this;
3 | this.$root = $el;
4 | this.$root.on('click', 'button', function(ev) {
5 | ev.preventDefault();
6 | if ( $(this).attr('aria-expanded') === 'true' ) {
7 | self.hide($(this));
8 | } else {
9 | self.show($(this));
10 | }
11 | });
12 |
13 | }
14 |
15 | Accordion.prototype.$ = function(selector) {
16 | return this.$root.find(selector);
17 | }
18 |
19 | Accordion.prototype.hide = function($button) {
20 | var selector = $button.attr('aria-controls'),
21 | $content = this.$('#' + selector);
22 | $button.attr('aria-expanded', false);
23 | $content.attr('aria-hidden', true);
24 | };
25 |
26 | Accordion.prototype.show = function($button) {
27 | var selector = $button.attr('aria-controls'),
28 | $content = this.$('#' + selector);
29 | $button.attr('aria-expanded', true);
30 | $content.attr('aria-hidden', false);
31 | };
32 |
33 | Accordion.prototype.hideAll = function() {
34 | var self = this;
35 | this.$('button').each(function() {
36 | self.hide($(this));
37 | });
38 | };
39 |
40 | function accordion($el) {
41 | return new Accordion($el);
42 | }
43 |
44 | $(function() {
45 | $('.sidenav').each(function() {
46 | accordion($(this));
47 | });
48 | });
49 |
--------------------------------------------------------------------------------
/assets/js/config.js:
--------------------------------------------------------------------------------
1 | /*** USE THIS FILE TO SET OPTIONS ***/
2 |
3 | setParams({
4 | graphFile : "../fpki-certs.gexf",
5 | /*
6 | The GEXF file to show ! -- can be overriden by adding
7 | a hash to the document location, e.g. index.html#celegans.gexf
8 | */
9 | showEdges : true,
10 | /*
11 | Default state of the "show edges" button
12 | */
13 | useLens : false,
14 | /*
15 | Default state of the "use lens" button
16 | */
17 | zoomLevel : 0,
18 | /*
19 | Default zoom level. At zoom = 0, the graph should fill a 800x700px zone
20 | */
21 | curvedEdges : true,
22 | /*
23 | False for curved edges, true for straight edges
24 | this setting can't be changed from the User Interface
25 | */
26 | edgeWidthFactor : 1,
27 | /*
28 | Change this parameter for wider or narrower edges
29 | this setting can't be changed from the User Interface
30 | */
31 | minEdgeWidth : 1,
32 | maxEdgeWidth : 50,
33 | textDisplayThreshold: 9,
34 | nodeSizeFactor : 1,
35 | /*
36 | Change this parameter for smaller or larger nodes
37 | this setting can't be changed from the User Interface
38 | */
39 | replaceUrls : true,
40 | /*
41 | Enable the replacement of Urls by Hyperlinks
42 | this setting can't be changed from the User Interface
43 | */
44 | showEdgeWeight : false,
45 | /*
46 | Show the weight of edges in the list
47 | this setting can't be changed from the User Interface
48 | */
49 | language: false
50 | /*
51 | Set to an ISO language code to switch the interface to that language.
52 | Available languages are English [en], French [fr], Spanish [es],
53 | Italian [it], Finnish [fi], Turkish [tr] and Greek [el].
54 | If set to false, the language will be that of the user's browser.
55 | */
56 | });
57 |
--------------------------------------------------------------------------------
/assets/js/gexfjs.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/js/gexfjs.js
--------------------------------------------------------------------------------
/assets/js/jquery.mousewheel.min.js:
--------------------------------------------------------------------------------
1 | /*! Copyright (c) 2011 Brandon Aaron (http://brandonaaron.net)
2 | * Licensed under the MIT License (LICENSE.txt).
3 | *
4 | * Thanks to: http://adomas.org/javascript-mouse-wheel/ for some pointers.
5 | * Thanks to: Mathias Bank(http://www.mathias-bank.de) for a scope bug fix.
6 | * Thanks to: Seamus Leahy for adding deltaX and deltaY
7 | *
8 | * Version: 3.0.6
9 | *
10 | * Requires: 1.2.2+
11 | */
12 | (function(a){function d(b){var c=b||window.event,d=[].slice.call(arguments,1),e=0,f=!0,g=0,h=0;return b=a.event.fix(c),b.type="mousewheel",c.wheelDelta&&(e=c.wheelDelta/120),c.detail&&(e=-c.detail/3),h=e,c.axis!==undefined&&c.axis===c.HORIZONTAL_AXIS&&(h=0,g=-1*e),c.wheelDeltaY!==undefined&&(h=c.wheelDeltaY/120),c.wheelDeltaX!==undefined&&(g=-1*c.wheelDeltaX/120),d.unshift(b,e,g,h),(a.event.dispatch||a.event.handle).apply(this,d)}var b=["DOMMouseScroll","mousewheel"];if(a.event.fixHooks)for(var c=b.length;c;)a.event.fixHooks[b[--c]]=a.event.mouseHooks;a.event.special.mousewheel={setup:function(){if(this.addEventListener)for(var a=b.length;a;)this.addEventListener(b[--a],d,!1);else this.onmousewheel=d},teardown:function(){if(this.removeEventListener)for(var a=b.length;a;)this.removeEventListener(b[--a],d,!1);else this.onmousewheel=null}},a.fn.extend({mousewheel:function(a){return a?this.bind("mousewheel",a):this.trigger("mousewheel")},unmousewheel:function(a){return this.unbind("mousewheel",a)}})})(jQuery)
13 |
--------------------------------------------------------------------------------
/assets/js/respond.min.js:
--------------------------------------------------------------------------------
1 | /*! matchMedia() polyfill - Test a CSS media type/query in JS. Authors & copyright (c) 2012: Scott Jehl, Paul Irish, Nicholas Zakas. Dual MIT/BSD license */
2 | /*! NOTE: If you're already including a window.matchMedia polyfill via Modernizr or otherwise, you don't need this part */
3 | window.matchMedia=window.matchMedia||function(a){"use strict";var c,d=a.documentElement,e=d.firstElementChild||d.firstChild,f=a.createElement("body"),g=a.createElement("div");return g.id="mq-test-1",g.style.cssText="position:absolute;top:-100em",f.style.background="none",f.appendChild(g),function(a){return g.innerHTML='',d.insertBefore(f,e),c=42===g.offsetWidth,d.removeChild(f),{matches:c,media:a}}}(document);
4 |
5 | /*! Respond.js v1.3.0: min/max-width media query polyfill. (c) Scott Jehl. MIT/GPLv2 Lic. j.mp/respondjs */
6 | (function(a){"use strict";function x(){u(!0)}var b={};if(a.respond=b,b.update=function(){},b.mediaQueriesSupported=a.matchMedia&&a.matchMedia("only all").matches,!b.mediaQueriesSupported){var q,r,t,c=a.document,d=c.documentElement,e=[],f=[],g=[],h={},i=30,j=c.getElementsByTagName("head")[0]||d,k=c.getElementsByTagName("base")[0],l=j.getElementsByTagName("link"),m=[],n=function(){for(var b=0;l.length>b;b++){var c=l[b],d=c.href,e=c.media,f=c.rel&&"stylesheet"===c.rel.toLowerCase();d&&f&&!h[d]&&(c.styleSheet&&c.styleSheet.rawCssText?(p(c.styleSheet.rawCssText,d,e),h[d]=!0):(!/^([a-zA-Z:]*\/\/)/.test(d)&&!k||d.replace(RegExp.$1,"").split("/")[0]===a.location.host)&&m.push({href:d,media:e}))}o()},o=function(){if(m.length){var b=m.shift();v(b.href,function(c){p(c,b.href,b.media),h[b.href]=!0,a.setTimeout(function(){o()},0)})}},p=function(a,b,c){var d=a.match(/@media[^\{]+\{([^\{\}]*\{[^\}\{]*\})+/gi),g=d&&d.length||0;b=b.substring(0,b.lastIndexOf("/"));var h=function(a){return a.replace(/(url\()['"]?([^\/\)'"][^:\)'"]+)['"]?(\))/g,"$1"+b+"$2$3")},i=!g&&c;b.length&&(b+="/"),i&&(g=1);for(var j=0;g>j;j++){var k,l,m,n;i?(k=c,f.push(h(a))):(k=d[j].match(/@media *([^\{]+)\{([\S\s]+?)$/)&&RegExp.$1,f.push(RegExp.$2&&h(RegExp.$2))),m=k.split(","),n=m.length;for(var o=0;n>o;o++)l=m[o],e.push({media:l.split("(")[0].match(/(only\s+)?([a-zA-Z]+)\s?/)&&RegExp.$2||"all",rules:f.length-1,hasquery:l.indexOf("(")>-1,minw:l.match(/\(\s*min\-width\s*:\s*(\s*[0-9\.]+)(px|em)\s*\)/)&&parseFloat(RegExp.$1)+(RegExp.$2||""),maxw:l.match(/\(\s*max\-width\s*:\s*(\s*[0-9\.]+)(px|em)\s*\)/)&&parseFloat(RegExp.$1)+(RegExp.$2||"")})}u()},s=function(){var a,b=c.createElement("div"),e=c.body,f=!1;return b.style.cssText="position:absolute;font-size:1em;width:1em",e||(e=f=c.createElement("body"),e.style.background="none"),e.appendChild(b),d.insertBefore(e,d.firstChild),a=b.offsetWidth,f?d.removeChild(e):e.removeChild(b),a=t=parseFloat(a)},u=function(b){var h="clientWidth",k=d[h],m="CSS1Compat"===c.compatMode&&k||c.body[h]||k,n={},o=l[l.length-1],p=(new Date).getTime();if(b&&q&&i>p-q)return a.clearTimeout(r),r=a.setTimeout(u,i),void 0;q=p;for(var v in e)if(e.hasOwnProperty(v)){var w=e[v],x=w.minw,y=w.maxw,z=null===x,A=null===y,B="em";x&&(x=parseFloat(x)*(x.indexOf(B)>-1?t||s():1)),y&&(y=parseFloat(y)*(y.indexOf(B)>-1?t||s():1)),w.hasquery&&(z&&A||!(z||m>=x)||!(A||y>=m))||(n[w.media]||(n[w.media]=[]),n[w.media].push(f[w.rules]))}for(var C in g)g.hasOwnProperty(C)&&g[C]&&g[C].parentNode===j&&j.removeChild(g[C]);for(var D in n)if(n.hasOwnProperty(D)){var E=c.createElement("style"),F=n[D].join("\n");E.type="text/css",E.media=D,j.insertBefore(E,o.nextSibling),E.styleSheet?E.styleSheet.cssText=F:E.appendChild(c.createTextNode(F)),g.push(E)}},v=function(a,b){var c=w();c&&(c.open("GET",a,!0),c.onreadystatechange=function(){4!==c.readyState||200!==c.status&&304!==c.status||b(c.responseText)},4!==c.readyState&&c.send(null))},w=function(){var b=!1;try{b=new a.XMLHttpRequest}catch(c){b=new a.ActiveXObject("Microsoft.XMLHTTP")}return function(){return b}}();n(),b.update=n,a.addEventListener?a.addEventListener("resize",x,!1):a.attachEvent&&a.attachEvent("onresize",x)}})(this);
7 |
--------------------------------------------------------------------------------
/assets/js/styleguide.js:
--------------------------------------------------------------------------------
1 | $(function(){
2 | $('.menu-btn, .overlay, .sliding-panel-close').on('click touchstart',function (e) {
3 | $('.sidenav, .overlay').toggleClass('is-visible');
4 | e.preventDefault();
5 | });
6 |
7 | function handleDisabledLinks() {
8 | $(document).on('click', 'a[href="#"]', function (event) {
9 | // Stop default browser action which would likely return to the top of the page
10 | event.preventDefault();
11 | });
12 | }
13 | handleDisabledLinks()
14 |
15 | // TODO restructure function so the use of "this" makes sense.
16 | var generateCodeSnippets = function(content, previewBox) {
17 |
18 | var self = this;
19 |
20 | this.parseCode = function(previewBox) {
21 | var sampleCode = $('
');
40 | $(sampleCodeBox).find('code').text($(sampleCode).html());
41 | $(previewBox).after(sampleCodeBox);
42 | }
43 |
44 | $(content).find(previewBox).each(function(index, previewBox) {
45 |
46 | var sampleCode = self.parseCode(previewBox);
47 | self.render(previewBox, sampleCode);
48 |
49 | });
50 |
51 | }
52 |
53 | generateCodeSnippets('.main-content', '.preview');
54 |
55 | });
56 |
57 | /* Calculates what scrollTop should be in order to
58 | * show an anchor properly under the header
59 | * and lined up with the nav like the H1
60 | */
61 | var calculateAnchorPosition = function (hash) {
62 | var anchor = $('#' + hash);
63 | var topOffset = 0;
64 | var navPadding = parseInt($('.sidenav').css('padding-top'), 10);
65 | var anchorPadding = parseInt(anchor.css('padding-top'), 10);
66 |
67 | if (anchor.length === 0) {
68 | return topOffset;
69 | }
70 |
71 | //start with the height of the header
72 | topOffset = $('.usa-site-header').first().outerHeight();
73 | //subtract the diffence in padding between nav top and anchor
74 | topOffset = topOffset - (anchorPadding - navPadding);
75 |
76 | //anchor should now align with first item inside nav
77 | return anchor.offset().top - topOffset;
78 | }
79 |
80 |
81 | /* When user lands on a page with a hash in the url
82 | * default behavior will put the title at the very top
83 | * and the header will cover the top of the section.
84 | * This interrupts that and positions section title correctly
85 | */
86 | $(function () {
87 | var hash = window.location.hash.substr(1);
88 | var scrollTopPos = (hash ? calculateAnchorPosition(hash) : 0);
89 |
90 | if (scrollTopPos > 0) {
91 | //setTimeout ensures proper ordering of events
92 | //and makes this happens after the browser's default jump
93 | setTimeout(function () {
94 | $(window).scrollTop(scrollTopPos);
95 | }, 1);
96 | }
97 | });
98 |
99 | //capture that the enter key was used to "click"
100 | $('.sidenav').on('keydown', 'a', function (e) {
101 | var ENTER = 13;
102 | if (e.which === ENTER) {
103 | $(this).data('keypress', true);
104 | }
105 | });
106 |
107 | $('.sidenav').on('click', 'a', function(e) {
108 | var hashLocation = $(this).attr('href').split('#')[1]; // long url splitting
109 | var scrollTopPos = calculateAnchorPosition(hashLocation);
110 |
111 | //if anchor doesn't exist on the page, or calc fails
112 | //then exit gracefully
113 | if (scrollTopPos === 0) {
114 | return true;
115 | }
116 |
117 | e.preventDefault();
118 |
119 | /* Firefox needs html, others need body */
120 | $('body,html').animate({
121 | scrollTop: scrollTopPos
122 | }, {
123 | duration: 200,
124 | start: function () {
125 | var newHash = '#' + hashLocation;
126 |
127 | //using pushState is easiest way to prevent double jumps
128 | if(history && history.pushState && window.location.hash !== newHash) {
129 | history.pushState(null, null, newHash);
130 | } else if (window.location.hash !== newHash) {
131 | window.location.hash = newHash;
132 | }
133 | },
134 | done: function () {
135 | //if keyboard was used, update keyboard focus to section
136 | var link = $(e.target);
137 | var section = $('#' + hashLocation);
138 |
139 | if (link.data('keypress') === true) {
140 | link.removeData('keypress');
141 | section.attr('tabindex','0');
142 | section.focus();
143 | }
144 | }
145 | });
146 | });
147 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-bold-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-italic-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-light-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-light-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-light-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-light-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-light-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-light-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-light-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-light-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/merriweather-regular-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-bold-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-italic-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-light-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.eot
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.ttf
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.woff
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/fonts/sourcesanspro-regular-webfont.woff2
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/alerts/error.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/error.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
18 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/info.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/alerts/info.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/info.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
19 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/success.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/alerts/success.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/success.svg:
--------------------------------------------------------------------------------
1 |
13 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/warning.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/alerts/warning.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/alerts/warning.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
17 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/arrow-down.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/arrow-down.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/arrow-down.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/arrow-right.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/arrow-right.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/arrow-right.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/correct8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/correct8.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/correct8.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/correct9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/correct9.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/correct9.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-114.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-114.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-144.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-144.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-16.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-192.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-57.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-57.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon-72.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon-72.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon.ico
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/favicons/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/favicons/favicon.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/logo-img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/logo-img.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/minus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/minus.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/minus.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/plus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/plus.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/plus.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/search.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/search.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/png/facebook25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/social-icons/png/facebook25.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/png/rss25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/social-icons/png/rss25.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/png/twitter16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/social-icons/png/twitter16.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/png/youtube15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/social-icons/png/youtube15.png
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/svg/facebook25.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/svg/rss25.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/svg/twitter16.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/social-icons/svg/youtube15.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/uswds-0.9.1/img/us_flag_small.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/assets/uswds-0.9.1/img/us_flag_small.png
--------------------------------------------------------------------------------
/certs/DigiCert_Federal_SSP_Intermediate_CA_-_G5.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/DigiCert_Federal_SSP_Intermediate_CA_-_G5.cer
--------------------------------------------------------------------------------
/certs/Entrust_Managed_Services_Root_CA.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/Entrust_Managed_Services_Root_CA.cer
--------------------------------------------------------------------------------
/certs/Entrust_Managed_Services_Root_CA_Link.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/Entrust_Managed_Services_Root_CA_Link.cer
--------------------------------------------------------------------------------
/certs/Federal_Common_Policy_CA_G2_from_FBCAG4.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/Federal_Common_Policy_CA_G2_from_FBCAG4.cer
--------------------------------------------------------------------------------
/certs/ORC_SSP_4.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/ORC_SSP_4.cer
--------------------------------------------------------------------------------
/certs/Symantec_SSP_Intermediate_CA_-_G4.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/Symantec_SSP_Intermediate_CA_-_G4.cer
--------------------------------------------------------------------------------
/certs/US_Department_of_State_AD_Root_CA.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/US_Department_of_State_AD_Root_CA.cer
--------------------------------------------------------------------------------
/certs/US_Treasury_Root_CA.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/US_Treasury_Root_CA.cer
--------------------------------------------------------------------------------
/certs/Verizon_SSP_CA_A2.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/Verizon_SSP_CA_A2.cer
--------------------------------------------------------------------------------
/certs/WidePoint_ORC_SSP_5.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/WidePoint_ORC_SSP_5.cer
--------------------------------------------------------------------------------
/certs/federal_bridge_ca_g4.cer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/certs/federal_bridge_ca_g4.cer
--------------------------------------------------------------------------------
/docs/FPKI_Trust_Removal_-_FNR_Webinar_07182018.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/docs/FPKI_Trust_Removal_-_FNR_Webinar_07182018.pdf
--------------------------------------------------------------------------------
/docs/FPKI_Trust_Removal_-_FNR_Webinar_08022018.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/docs/FPKI_Trust_Removal_-_FNR_Webinar_08022018.pdf
--------------------------------------------------------------------------------
/docs/issuedByDigiCertFederatedTrustCA-1.pem:
--------------------------------------------------------------------------------
1 | subject=/C=US/O=Trinity Health/CN=Trinity Health Direct CA
2 | issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Federated Trust CA-1
3 | -----BEGIN CERTIFICATE-----
4 | MIIGGjCCBQKgAwIBAgIQBVEYIQkuxPd9SDavMbsXDzANBgkqhkiG9w0BAQsFADBn
5 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
6 | d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgVHJ1
7 | c3QgQ0EtMTAeFw0xNzA4MjQxMjA0NDFaFw0yMzAxMTMxMjAwMDBaMEkxCzAJBgNV
8 | BAYTAlVTMRcwFQYDVQQKEw5UcmluaXR5IEhlYWx0aDEhMB8GA1UEAxMYVHJpbml0
9 | eSBIZWFsdGggRGlyZWN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
10 | AQEAzlbpyD89ctKAtdTWI4ot17Eb185Vk1a3tlu/fyVgWm50BesyrERsskrmd7xl
11 | k2ryaAmBk9hO52dw77tQJVE0IWVHdrLwSroA48WOs1tKSQZ9GWzk1qknYk3DtPt/
12 | 0hvuk1XUIqMmR5lQ/9jSuR0xMTycHQLudZXvU3Xkd1XZMH8RLqCLGn+2wZO3S2Fd
13 | W70YbqH2u/WOROVUw2ls4oupvePNp11JYewPOzsIqgrAtg1zLFpMeUvQjaH3UrvV
14 | 5Ti9Xqd+mrrODth7L0IjK55QxRe0CIpVj7aloYAZvBzrHHwXw7gRygqMeCucwlB7
15 | XJfdct1Ft9vQHUJVj/Nm9WlrUwIDAQABo4IC3jCCAtowHQYDVR0OBBYEFKXC5DoW
16 | tBnD4fq8Pn7HWMNTeYvBMB8GA1UdIwQYMBaAFGvSAtPRqWOLOUtFMZqPDL4p5gEr
17 | MA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMHoGCCsGAQUFBwEB
18 | BG4wbDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEQGCCsG
19 | AQUFBzAChjhodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vYWlhVHJpbml0eUhl
20 | YWx0aERpcmVjdENBLnA3YzCBiAYDVR0fBIGAMH4wPaA7oDmGN2h0dHA6Ly9jcmw0
21 | LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEZlZGVyYXRlZFRydXN0Q0EtMS5jcmwwPaA7
22 | oDmGN2h0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEZlZGVyYXRlZFRy
23 | dXN0Q0EtMS5jcmwwggFrBgNVHSAEggFiMIIBXjA4BgpghkgBhv1sAAIEMCowKAYI
24 | KwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDAYKYIZIAYb9
25 | bAQBATAMBgpghkgBhv1sBAECMAsGCWCGSAGG/WwEAjAMBgpghkgBhv1sBAMCMAwG
26 | CmCGSAGG/WwEBAIwCwYJYIZIAYb9bAELMAoGCGCGSAGG/WwGMA4GDGCGSAGG+VsD
27 | iiEAATAMBgorBgEEAYLBWwABMAwGCisGAQQBgsFbAQEwDAYKKwYBBAGCwVsBAjAM
28 | BgorBgEEAYLBWwEDMAwGCisGAQQBgsFbAQQwDAYKKwYBBAGCwVsCATAMBgorBgEE
29 | AYLBWwICMAwGCisGAQQBgsFbAgMwDAYKKwYBBAGCwVsCBDAMBgorBgEEAYLBWwMB
30 | MAwGCisGAQQBgsFbAwIwDAYKKwYBBAGCwVsDAzAMBgorBgEEAYLBWwMEMA0GCSqG
31 | SIb3DQEBCwUAA4IBAQAkeN/wqtrzJkzKAqzohXWjxkcQ+kmBd5SHj47Z6syKhXeU
32 | 9yJdbDUMkUPYd+1DDgdLDvaetDFfkLFAcPYvCcVXU5yRJ5gC2Ytuw4EX308reMq2
33 | s/X6wR6LKXBX1isPIbU+vCf0hgP+yoIb8bXEzoJnHMbFpEsIWbzpzy1Yb4AMl+no
34 | dzbEhxMR36jNxOpPiUdesWfFH2QECnTDYfLmRFYKyeUuSZFlU2V8q9vwKUXtSUa6
35 | 0rbN11ivyd3NdRdlbrhSN7efbwYnr0cEFtkYnXowVcKIJGDRlkiCI7m1B1XeD2uN
36 | TX8jKQ4cecJXnKvbcsFtLY2e3uz1YXofhwPYyWB1
37 | -----END CERTIFICATE-----
38 |
39 | subject=/C=US/O=Michigan Health Information Shared Services/CN=MIDIGATE CA
40 | issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Federated Trust CA-1
41 | -----BEGIN CERTIFICATE-----
42 | MIIGHzCCBQegAwIBAgIQDENv3OgXA8RpUeuXz5JoBjANBgkqhkiG9w0BAQsFADBn
43 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
44 | d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgVHJ1
45 | c3QgQ0EtMTAeFw0xNzExMDYxMjI0MzVaFw0yMzAxMTMwNjAwMDBaMFkxCzAJBgNV
46 | BAYTAlVTMTQwMgYDVQQKEytNaWNoaWdhbiBIZWFsdGggSW5mb3JtYXRpb24gU2hh
47 | cmVkIFNlcnZpY2VzMRQwEgYDVQQDEwtNSURJR0FURSBDQTCCASIwDQYJKoZIhvcN
48 | AQEBBQADggEPADCCAQoCggEBAMW1ltb/9/8m2CBIohyJzzWObdkhaqcfGjx+bi+F
49 | QjdlZTMry7JOT6BE4ExHJmG1bFmO4Mbtc4/RBQV2OAKUOhj6YeoftRBUQsPHFMDp
50 | mMLD/+f+fWwCivTuiyLeIHJfxETIHyZJot3YMbWax+pgpHpcysT98Periw/wyrLv
51 | 92J804HPhLrMDK0OwquWZtyLXwYpZN0JPIBhNssozC5b3loR9nDTz9kDXzsF5wCI
52 | v40edeke3x6nTuTbdJlvtvjhji0M1zrYv30YPzmzqtBF/TXjCbFBZ822ntUD9fVJ
53 | vMWupHU4vVxIz+UQYnX50ZYPZGjh4tRNoyK1Mao42Br+EycCAwEAAaOCAtMwggLP
54 | MB0GA1UdDgQWBBQkDkAMLtAn3B8pl+semyrG2OmgxTAfBgNVHSMEGDAWgBRr0gLT
55 | 0aljizlLRTGajwy+KeYBKzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB
56 | /wIBADBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
57 | Z2ljZXJ0LmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
58 | Y29tL2FpYU1JRElHQVRFQ0EucDdjMIGIBgNVHR8EgYAwfjA9oDugOYY3aHR0cDov
59 | L2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0RmVkZXJhdGVkVHJ1c3RDQS0xLmNy
60 | bDA9oDugOYY3aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0RmVkZXJh
61 | dGVkVHJ1c3RDQS0xLmNybDCCAWsGA1UdIASCAWIwggFeMDgGCmCGSAGG/WwAAgQw
62 | KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAMBgpg
63 | hkgBhv1sBAEBMAwGCmCGSAGG/WwEAQIwCwYJYIZIAYb9bAQCMAwGCmCGSAGG/WwE
64 | AwIwDAYKYIZIAYb9bAQEAjALBglghkgBhv1sAQswCgYIYIZIAYb9bAYwDgYMYIZI
65 | AYb5WwOKIQABMAwGCisGAQQBgsFbAAEwDAYKKwYBBAGCwVsBATAMBgorBgEEAYLB
66 | WwECMAwGCisGAQQBgsFbAQMwDAYKKwYBBAGCwVsBBDAMBgorBgEEAYLBWwIBMAwG
67 | CisGAQQBgsFbAgIwDAYKKwYBBAGCwVsCAzAMBgorBgEEAYLBWwIEMAwGCisGAQQB
68 | gsFbAwEwDAYKKwYBBAGCwVsDAjAMBgorBgEEAYLBWwMDMAwGCisGAQQBgsFbAwQw
69 | DQYJKoZIhvcNAQELBQADggEBABuLN+d6LZxUsBqjm++q5bRh/K8Y6QD9CgWb95OI
70 | jl+mUICFTs7CFoigjtfTT6usWSnHoxuljgIIYCcM+/ewJcg9g7QlZOeBbh073To/
71 | mpUzPbocW0KjQFCFUD+ucDpynCiSWVJYXSGiYvgObRcxMY4Bx8qDuqBh4RaxeXSB
72 | Om+Cwvq/KvCV78nuJ1eFQThR2UZwMapcP52tC5hwkzWJgF0UG5AYF7Nij8QcW89n
73 | /xlzO5Is2NU7Xl1lE8R7HGc0Twk+3zWJ/4osfpiRyUBj22otppMekD1ojtBcWirS
74 | I7yoTCnuXxG6KD7S4XtW6T73mZ/4V9ptARi+iZJBlir5Tck=
75 | -----END CERTIFICATE-----
76 |
77 |
--------------------------------------------------------------------------------
/img/FCPCA_G2_Transition.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/FCPCA_G2_Transition.jpg
--------------------------------------------------------------------------------
/img/Intro-image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/Intro-image1.png
--------------------------------------------------------------------------------
/img/Intro-image2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/Intro-image2.jpg
--------------------------------------------------------------------------------
/img/PKI-image1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/PKI-image1.jpg
--------------------------------------------------------------------------------
/img/PKI-image2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/PKI-image2.jpg
--------------------------------------------------------------------------------
/img/PKI-image3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/PKI-image3.jpg
--------------------------------------------------------------------------------
/img/bigfix-results.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/bigfix-results.jpg
--------------------------------------------------------------------------------
/img/certificatechain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/certificatechain.png
--------------------------------------------------------------------------------
/img/certificatechain_small.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/certificatechain_small.png
--------------------------------------------------------------------------------
/img/certutil.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/certutil.gif
--------------------------------------------------------------------------------
/img/chrome_untrusted_auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/chrome_untrusted_auth.png
--------------------------------------------------------------------------------
/img/chrome_untrusted_ssl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/chrome_untrusted_ssl.png
--------------------------------------------------------------------------------
/img/crls_diagram1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/crls_diagram1.jpg
--------------------------------------------------------------------------------
/img/distrust-gpo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/distrust-gpo.gif
--------------------------------------------------------------------------------
/img/error-distribute-intermediates.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/error-distribute-intermediates.png
--------------------------------------------------------------------------------
/img/error_navigation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/error_navigation.png
--------------------------------------------------------------------------------
/img/error_piv_auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/error_piv_auth.png
--------------------------------------------------------------------------------
/img/error_sig_val.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/error_sig_val.png
--------------------------------------------------------------------------------
/img/fbca-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fbca-logo.png
--------------------------------------------------------------------------------
/img/fpki-CAs-Architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fpki-CAs-Architecture.png
--------------------------------------------------------------------------------
/img/fpki-CAs-High-level.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fpki-CAs-High-level.png
--------------------------------------------------------------------------------
/img/fpki-analysis-results.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fpki-analysis-results.png
--------------------------------------------------------------------------------
/img/fpki-core.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fpki-core.png
--------------------------------------------------------------------------------
/img/fpki_piv-i_certification_playbook_diagram-v0.0.2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/fpki_piv-i_certification_playbook_diagram-v0.0.2.jpg
--------------------------------------------------------------------------------
/img/google_ballot193_hot_topic_error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/google_ballot193_hot_topic_error.png
--------------------------------------------------------------------------------
/img/google_ct_hot_topic_error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/google_ct_hot_topic_error.png
--------------------------------------------------------------------------------
/img/gpo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/gpo.gif
--------------------------------------------------------------------------------
/img/ios_chrome_untrusted_ssl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/ios_chrome_untrusted_ssl.png
--------------------------------------------------------------------------------
/img/ios_full_trust-g2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/ios_full_trust-g2.jpg
--------------------------------------------------------------------------------
/img/ios_safari_untrusted_ssl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/ios_safari_untrusted_ssl.png
--------------------------------------------------------------------------------
/img/landesk-results.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/landesk-results.jpg
--------------------------------------------------------------------------------
/img/link-cert-path.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/link-cert-path.png
--------------------------------------------------------------------------------
/img/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/logo.png
--------------------------------------------------------------------------------
/img/participatingCAsV3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/participatingCAsV3.png
--------------------------------------------------------------------------------
/img/pivcertificatechain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/pivcertificatechain.png
--------------------------------------------------------------------------------
/img/pivcertificatechain_small.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/pivcertificatechain_small.png
--------------------------------------------------------------------------------
/img/safari_untrusted_auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/safari_untrusted_auth.png
--------------------------------------------------------------------------------
/img/safari_untrusted_ssl.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/safari_untrusted_ssl.png
--------------------------------------------------------------------------------
/img/unmanaged-device.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/unmanaged-device.gif
--------------------------------------------------------------------------------
/img/verify-migration-macos.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify-migration-macos.png
--------------------------------------------------------------------------------
/img/verify-migration-windows.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify-migration-windows.png
--------------------------------------------------------------------------------
/img/verify.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify.gif
--------------------------------------------------------------------------------
/img/verify_common_iOS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify_common_iOS.png
--------------------------------------------------------------------------------
/img/verify_common_macOS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify_common_macOS.png
--------------------------------------------------------------------------------
/img/verify_trust.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/img/verify_trust.png
--------------------------------------------------------------------------------
/pages/PIV_Testing_Checklist.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Common Issues Checklist for PIV/PIV-I Card Testing
4 | permalink: /PIV_Testing_Checklist/
5 | ---
6 | Placeholder for Common Issues Checklist to be uploaded.
7 |
--------------------------------------------------------------------------------
/pages/contribute.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: How to Contribute
4 | permalink: /contribute/
5 | redirect_to: https://playbooks.idmanagement.gov/contribute/
6 | ---
7 |
8 | Thank you for considering contributing to our development of open and transparent Federal PKI Guides. Everyone has tricks and tips and we want to share these with our colleagues!
9 |
10 | To contribute to this site, you can:
11 |
12 | - [Open an Issue](#open-an-issue)
13 | - [Edit an existing page](#edit-an-existing-page)
14 | - [Add a new page](#add-a-new-page)
15 | - [Notes on using this repository](#notes-on-using-this-repository)
16 |
17 | Using GitHub as a first time user can be overwhelming. An introduction video is available from DigitalGov on YouTube: [Introduction to GitHub](https://www.youtube.com/watch?v=uNa9GOtM6NE&t=1737s){:target="blank"}.
18 |
19 |
20 | ## Open an Issue
21 |
22 | Issues are the primary way of sharing information and discussing this site with the broader community. For example, Issues can be used for:
23 |
24 | * _Suggestions:_ You would like to suggest an edit or addition to any existing pages or information on this site
25 | * _Corrections:_ You have identified a problem with existing information on the site and would like to discuss a correction
26 |
27 | Issues may be submitted by clicking **Submit Issues Here** in the bottom of the left side navigation.
28 |
29 | For a quick guide on opening Issues, read [how to open issues.]({{site.baseurl}}/openissue/){:target="_blank"}
30 |
31 | ## Edit an existing page
32 |
33 | Direct changes and line edits to the content may be submitted by clicking **Edit this page** in the top right hand corner of each page. You do not need to install any software to submit content. You can use GitHub's in-browser editor to edit files and submit the changes for discussion.
34 |
35 | For a quick guide on editing a page, read [how to edit a page.]({{site.baseurl}}/editpage/){:target="_blank"}
36 |
37 | ## Add a new page
38 | We welcome new pages and appreciate your contributions!
39 |
40 | First, propose a topic by [opening an Issue]({{site.baseurl}}/contribute/#open-an-issue){:target="blank"}. If you don't have a topic, a good place to start is by reviewing the existing **Issues** lists.
41 |
42 | * [PIV Guides Issues](https://github.com/GSA/piv-guides/issues){:target="blank"}
43 | * [Federal PKI Guides Issues](https://github.com/GSA/fpki-guides/issues){:target="blank"}
44 | * [FICAM Architecture Issues](https://github.com/GSA/ficam-arch/issues){:target="blank"}
45 |
46 | Choose one of the Issues and start a conversation on the Issue. You help clarify the problem and identify the solution by discussing the Issue first, and you can propose a format for the new page. When you are ready, add a comment to the Issue that you would like to write up the solution! We will create a new **branch** for you if needed.
47 |
48 | For a quick guide on adding a page, read [how to add a page.]({{site.baseurl}}/addpage/){:target="_blank"}
49 |
50 | We have a [sample template with markdown samples]({{ site.repo_url }}/blob/{{ site.branch }}/pages/template.md){:target="blank"}.
51 |
52 | ## Notes on using this repository
53 |
54 | In the GitHub repository [here]({{site.repo_url}}){:target="_blank"} under the 'Code' tab:
55 |
56 | 
57 |
58 | There are folders containing the content and diagrams.
59 |
60 | * _pages_: includes the content on the pages
61 | * _img_: includes all diagrams and images and are available for download and reuse anywhere
62 |
63 | We encourage you to read our [LICENSE]({{ site.repo_url }}/blob/{{ site.branch }}/LICENSE.md){:target="_blank"} and our [README]({{ site.repo_url }}/blob/{{ site.branch }}/README.md){:target="_blank"}, which exist within this repository.
64 |
65 | ### General Practices
66 |
67 | This content is Vendor neutral. Marketing materials for Commercial Products should not be submitted. If you would like to contribute a page or content which includes Commercial Products and specific references for development and engineering, please review the Commercial Product trademark or copyright guides from the Product Vendor and reference those guides in your Pull Request.
68 |
69 | ### Plain Language
70 |
71 | Contributors should consider the audience when submitting content. Plain language benefits a broad audience. Review your proposed content for use of acronyms and specialized jargon before submitting.
72 |
73 | * All pages should be brief.
74 | * Use titles to help the user identify jumping off points for information.
75 | * Paragraphs should be short.
76 | * All text should be written in plain language and in a user-friendly active voice as much as possible.
77 | * Use numbered steps, bullet lists, and graphics.
78 |
79 | The following sources can provide additional help with plain language, writing, and style:
80 |
81 | * [18F Content Guide](https://content-guide.18f.gov/){:target="_blank"}
82 | * [Federal Plain Language Guidelines](http://www.plainlanguage.gov/){:target="_blank"}
83 |
84 |
85 | ## Thanks
86 |
87 | The idea for providing this content as open source, the contributing framework, and the licensing framework are based on work from [18F](https://18f.gsa.gov){:target="_blank"}
88 |
--------------------------------------------------------------------------------
/pages/contribute_addpage.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Add a Page
4 | permalink: /addpage/
5 | redirect_to: https://playbooks.idmanagement.gov/contribute/#add-a-page
6 | ---
7 |
8 | To add a Page:
9 |
10 | * [Create a GitHub account](#create-a-github-account)
11 | * [Fork the repository](#fork-the-repository)
12 | * [Create a page](#create-a-page)
13 | * [Submit your draft page](#submit-your-draft-page)
14 |
15 | Using GitHub as a first-time user can be overwhelming! An introduction video is available from DigitalGov on YouTube: [Introduction to GitHub](https://www.youtube.com/watch?v=uNa9GOtM6NE&t=1737s){:target="blank"}.
16 |
17 | ### Establish a GitHub Account
18 |
19 | You can create an account by browsing to: [Join GitHub](https://github.com/join).
20 |
21 | * GitHub allows you to remain almost anonymous if you prefer. Make sure you select the options that suit you on the “Profile” and “Emails” pages of your “Personal Settings.”
22 | * We also highly encourage you to turn on **two-factor authentication** in the “Security” page (also part of “Personal Settings”).
23 | 
24 |
25 | ### Fork the Repository
26 |
27 | Once you have a GitHub account, you can create a personal copy (called a "_fork_") to work on in your GitHub profile. It's simple:
28 |
29 | * In the upper right-hand corner, click on the **Fork** button.
30 |
31 | A version controlled _copy_ will now be in your GitHub profile.
32 |
33 | For more help with forking a repo, go to [Fork a Repo](https://help.github.com/articles/fork-a-repo/){:target="blank"}.
34 |
35 | ### Create a Page
36 |
37 | We have a sample template with Markdown available. You first create a new page, then edit the page, write your guide, and finally submit the content.
38 |
39 | To create a new **Page** where you can write your guide:
40 |
41 | 1. Check the **_Branch_** button to ensure that the new branch name is displayed. If it isn't, select it from the Branch drop-down list.
42 | 2. Click on the **_Create New File_** button located above the top right-hand area of your repository's window (above the folders and files listing).
43 | 3. In the text box, enter your new Page's name with the extension **.md** for Markdown
44 | 4. Scroll to the bottom of your Page. Below the **Commit new file** comment box, click on the green **Commit new file** button to save your new Page.
45 |
46 | You can edit your page and even copy the template directly to get started:
47 |
48 | * View the [template sample]({{repo_url}}/pages/template.md){:target="blank"}.
49 | * Click the "Raw" button toward the top right of the page to view the file as raw code. Within this file are helpful comments and instructions on where different parts of your content will be entered.
50 | * Copy all of the samples from the template into your new page, add your content, and delete items you don't need.
51 |
52 | ### How to Submit Your Draft Guide
53 |
54 | * When you add a new page and have your own fork, you will submit a Pull Request.
55 | * [Creating a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/){:target="blank"}
56 |
57 | Be sure to follow the progress of the Issue that you opened stating what content you intended to add! This will allow you to see if others have comments or contributing information for the process, or if the site admin has responded with an updated status on your new Page.
58 |
59 | If you have a question during the contribution process, do not hesitate to open an Issue requesting clarification. You can also email us at icam@gsa.gov.
60 |
--------------------------------------------------------------------------------
/pages/contribute_editpage.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Edit a Page
4 | permalink: /editpage/
5 | redirect_to: https://playbooks.idmanagement.gov/contribute/#edit-a-page
6 | ---
7 |
8 | To Edit a Page:
9 |
10 | 1. **Establish a GitHub account.**
11 | You can create an account by browsing to: [Join GitHub](https://github.com/join).
12 |
13 | * GitHub allows you to remain almost anonymous if you prefer. Make sure you select the options that suit you on the “Profile” and “Emails” pages of your “Personal Settings.”
14 | * We also highly encourage you to turn on **two-factor authentication** in the “Security” page (also part of “Personal Settings”).
15 | 
16 |
17 | 2. When you want to Edit a Page, click on the **Edit this page** link in the upper right-hand corner of the **webpage** OR
18 |
19 | 2. Click on the _Edit this file_ icon in the right-hand corner. It will appear as a pencil icon.
20 | 
21 |
22 | 2. You will see a message that a new copy has been created for you, in your GitHub account:
23 | 
24 |
25 | 2. Change the content, or add new content.
26 | 
27 |
28 | 2. You can click the _Preview changes_ tab to see your changes.
29 | 
30 |
31 | 2. Scroll down to the bottom to find the _Propose file change_ box. Enter the description for your change, and any references. Then click on **Propose file change**
32 | 
33 |
34 | 2. You will be shown the option to review the change and to **Create pull request**. A Pull Request is you submitting your changes and asking for reviews and comments from your peers.
35 | 
36 |
37 | 2. You can track your Pull Request, and comments from your colleagues, by going back to the repository [here]({{site.repo_url}}) and clicking the **Pull request** tab.
38 | 
39 |
40 |
--------------------------------------------------------------------------------
/pages/contribute_openissue.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Opening Issues
4 | permalink: /openissue/
5 | redirect_to: https://playbooks.idmanagement.gov/contribute/#open-an-issue
6 | ---
7 |
8 | To submit comments and open an Issue:
9 |
10 | 1. **Establish a GitHub account.**
11 | To submit a comment or open an Issue, you will need to create a GitHub account.
12 | Create an account by browsing to this site: https://github.com/join
13 | GitHub allows you to remain pseudonymous; you can select the options that suit you on the _Profile_ and _Emails_ pages of your _Personal Settings_ in your GitHub account.
14 | We also highly encourage you to turn on **two-factor authentication** in the _Security_ page, also part of _Personal Settings_.
15 | 
16 |
17 | 2. Open an issue by clicking on the **Submit Issues Here** link in the lower right hand corner of the **webpage**; OR if you are in GitHub, click the "Issues" tab.
18 |
19 | 2. **Review open and closed issues to determine if a similar issue has already been created.**
20 |
21 | 2. Click on the _New Issue_ button in the upper right of the screen.
22 | 
23 |
24 | 2. Provide a short description in the field labeled _Title_ for the feedback being provided.
25 | 
26 |
27 | 2. Enter information in the _Write_ box and describe the issue.
28 |
29 | 2. Select _Submit New Issue_ and you are done!
30 | 
31 |
32 | 2. To track comments through email and monitor future changes, choose to _Watch_ the project!
33 | 
34 |
35 | If you are familiar with GitHub, you are also welcome to provide changes as a **Pull Request**.
36 |
--------------------------------------------------------------------------------
/pages/fpki_certificate_policies.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Certificate Policies
4 | permalink: /policyobjects/
5 | redirect_to: https://playbooks.idmanagement.gov/fpki/policyobjects/
6 | ---
7 |
8 | 1. [What is a Certificate Policy?](#what-is-a-certificate-policy)
9 | 1. [Why do we use Certificate Policies?](#why-do-we-use-certificate-policies)
10 | 1. [What is a Certificate Policy Object Identifier?](#what-is-a-certificate-policy-object-identifier)
11 | 1. [What are the Certificate Policies Object Identifiers in use?](#what-are-the-certificate-policy-object-identifiers)
12 | 1. [How do I view the Certificate Policy Object Identifier?](#how-do-i-view-the-certificate-policy-object-identifier)
13 | 1. [How do I use the Certificate Policy Object Identifier?](#how-do-i-use-the-certificate-policy-object-identifier)
14 |
15 | ### What is a Certificate Policy?
16 |
17 | The certificate policy specifies the the security requirement, issuance procedure and protection of the private key associated with a certificate. Certificate policies are identified in a certificate by including one or more Object Identifiers (OIDs).
18 |
19 | >A Certificate Policy (CP) is defined in the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework as "a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements".
20 |
21 | When a Certification Authority (CA) issues a certificate, it is providing a statement to a certificate user that a public key is bound to an _entity_.
22 |
23 | > _Entity_ can be a person, device, website, or organization
24 |
25 | The Certificate Policy provides the information that can be used by a certificate user to decide whether or not to trust a certificate.
26 |
27 | ### Why do we use Certificate Policies?
28 | Certificate policies are used to establish trust relationships between Certification Authorities. This is called _cross-certification_. When CAs issue cross certificates, one CA assesses and recognizes one or more certificate polices of the other CA.
29 |
30 |
31 |
32 | ### What is a Certificate Policy Object Identifier?
33 |
34 |
35 |
36 |
37 | ### What are the Certificate Policy Object Identifiers?
38 | The Federal PKI has twenty-five (25) certificate policies for people and non-person entity (NPE) certificates.
39 |
40 | * Twelve (12) of the certificate policies are used only within the Federal Bridge Certification Authority to map organizational policies across the issuing CAs and Bridges.
41 | * Thirteen (13) certificate policies are used for the final end entity certificates.
42 |
43 | All certificate policies denote a US Government issued and authorized certificate.
44 | The Commercial Best Practices (CBP) identifier on certificate policies indicate the trusted roles or individuals assigned a role in certificate issuance do not have to be U.S. citizens.
45 | A hardware (HW) identifier indicate the private key is generated and protected on a hardware based token.
46 | The risk level referenced refers to the level of risk associated with transactions accepting certificates
47 | issued under the specified certificate policy.
48 |
49 |
50 | | Certificate Policy | Policy Object Identifier (OID) | Risk |
51 | |--------------------|--------------------------------| -----|
52 | |common-policy|2.16.840.1.101.3.2.1.3.6|Medium risk – authentication, signature or encryption of USG individual person, group, device, or role.|
53 | |common-HW|2.16.840.1.101.3.2.1.3.7|High risk – authentication, signature or encryption of USG individual person, group, role, or device where private key is protected on hardware token.|
54 | |common-devices|2.16.840.1.101.3.2.1.3.8|Medium risk – USG authentication or encryption of device.|
55 | |common-devicesHW|2.16.840.1.101.3.2.1.3.36|Medium risk - authentication or encryption of USG device where private key protected on hardware token.|
56 | |common-auth|2.16.840.1.101.3.2.1.3.13|High risk - Shows possession of PIV card with PIN use|
57 | |common-high|2.16.840.1.101.3.2.1.3.16|High risk – authentication, signature or encryption of USG individual person, group, role, or device where private key is protected on hardware token.|
58 | |common-cardAuth|2.16.840.1.101.3.2.1.3.17|Shows possession of PIV card w/o PIN use.|
59 | |common-piv-contentSigning|2. 16.840.1.101.3.2.1.3.39|Signs security objects on PIV or Derived PIV.|
60 | |SHA1-mediumCBP|2.16.840.1.101.3.2.1.3.21|Medium risk – authentication, signature or encryption of individual person, group, device, or role. (SHA1)|
61 | |SHA1-mediumHW-CBP|2.16.840.1.101.3.2.1.3.22|Medium risk – authentication, signature or encryption of individual person, group, or role where private key is protected on hardware token. (SHA1)|
62 | |SHA1-medium|2.16.840.1.101.3.2.1.3.23|Medium risk – authentication, signature or encryption of individual person, group, device, or role. (SHA1)|
63 | |SHA1-mediumHW|2.16.840.1.101.3.2.1.3.24|Medium risk – authentication, signature or encryption of individual person, group, or role where private key is protected on hardware token. (SHA1)|
64 | |SHA1-devices|2.16.840.1.101.3.2.1.3.25|Medium risk - authentication or encryption of device .(SHA1)|
65 |
66 |
67 | | Certificate Policy | Policy Object Identifier (OID) | Risk |
68 | |--------------------|--------------------------------| -----|
69 | |FBCA-rudimentary|
70 |
71 |
72 | ### How do I view the Certificate Policy Object Identifier?
73 |
74 |
75 | ### How do I use the Certificate Policy Object Identifier?
76 |
--------------------------------------------------------------------------------
/pages/fpki_faq.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Frequently Asked Questions
4 | permalink: /faq/
5 | ---
6 |
7 | ## Frequently Asked Questions
8 |
9 |
10 |
--------------------------------------------------------------------------------
/pages/fpki_overview.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Federal PKI Overview
4 | permalink: /overview/
5 | redirect_to: https://playbooks.idmanagement.gov/fpki/intro-fpki/
6 | ---
7 |
8 | The Federal Public Key Infrastructure encompasses the Certification Authorities which issue:
9 |
10 | 1. PIV credentials and person identity certificates
11 | 2. PIV-Interoperable credentials and person identity certificates
12 | 3. Other person identity certificates
13 | 4. Device identity certificates
14 |
15 | The participating Certification Authorities **and** the Policies, Processes, and Auditing of all the participants is referred to as the **Federal Public Key Infrastructure (FPKI)**
16 |
17 | ## Example
18 | To give a simple example, we'll explain the PIV certificates. Although we have many other types of identity certificates, it's easiest to explain with **PIV** since you might have one:
19 |
20 | * Identity certificates are issued and digitally signed by a _Certification Authority_.
21 | * The _Certification Authority_ that issued and digitally signed your PIV certificates is called an _Intermediate Certification Authority_ because it was issued a certificate by another _Certification Authority_.
22 | * This process of issuing and signing continues until there is one _Certification Authority_ that is called the _Root Certification Authority_.
23 |
24 | The full process of proving identity when issuing the certificates, auditing the certification authorities, and the cryptographic protections of the digital signatures establish the basis of Trust.
25 |
26 | {:style="float:center"}
27 |
28 | The US Federal Government has also established Trust with other Certification Authorities which serve business communities, State and Local government communities, and international government communities.
29 |
30 | For the US Federal Government Executive branch agencies, there is one Root Certification Authority named _Federal Common Policy Certification Authority (COMMON)_, and dozens of Intermediate Certification Authorities, and Bridged Certification Authorities.
31 |
32 | * [A graph of the federal public key infrastructure, including the business communities](https://fpki.idmanagement.gov/tools/fpkigraph/){:target="_blank"}
33 |
34 |
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/pages/template.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: default
3 | title: Template Title of This Page
4 | permalink: /template/
5 | ---
6 |
7 | Markdown is a simple way of writing and formatting. The formats can be used across many different platforms including for websites and documents. We created a sample template to help you with your page.
8 |
9 | To review information on how to contribute and how to Add a New Page: https://fpki.idmanagement.gov/contribute
10 | If you want to learn more about markdown formatting: https://guides.github.com/features/mastering-markdown/
11 |
12 | You can copy and paste this template into a new page, and use the sample markdown.
13 |
14 | You probably noticed this block at the top of the page.
15 |
16 | layout: default
17 | title: Title of the Page
18 | permalink: /template/
19 |
20 | This block at the top of the page is used for website navigation when your guide is posted. Update the _Title of the Page_ and the _/template/_
21 |
22 | ## Overview
23 |
24 | To begin your guide, briefly state its purpose in one to two sentences for an Overview. You may include information on the intended audience, the intended outcome of the guide, and any other information that would help the user to understand the guide.
25 |
26 | Then add a table of contents link for each section. For example:
27 |
28 | * [Section 1 Title](#words-in-section1-title-separated-by-dashes)
29 | * [Section 2 Title](#words-in-section2-title-separated-by-dashes)
30 | * [Section 3 Title](#words-in-section3-title-separated-by-dashes)
31 |
32 | We propose these sections for most guides:
33 |
34 | ## Before You get Started
35 | This section should tell the user what to prepare before starting a set of procedures. Explain any assumptions as bulleted lists. Clearly state the hardware and software requirements.
36 |
37 | ## Procedure 1
38 | This section should tell the user how to achieve the goal. Explain all steps simply and don't try to recreate other resources that are easily found. Focus on the government and what can be unique when implementing or executing.
39 |
40 | ## Procedure 2
41 | This section should tell the user how to achieve the goal. Explain all steps simply and don't try to recreate other resources that are easily found. Focus on the government and what can be unique when implementing or executing.
42 |
43 | Here are sample markdown formats for you:
44 |
45 | Headings use the hash sign with a space.
46 |
47 | ## This Is a Second-Level Heading
48 | ### This is a third-level heading
49 | #### This is a fourth-level heading
50 |
51 |
52 | ### Number List Items
53 |
54 | 1. Step 1 of procedure. (Indent 2 spaces, enter a number, and add 1 space.)
55 | 2. Step 2 of procedure.
56 |
57 | ### Bullet List Items
58 |
59 | * Bullet 1 (Indent 2 spaces, enter an asterisk, and add 1 space.)
60 | * Bullet 2
61 |
62 | ### Bold and Italics
63 |
64 | * Use double asterisks to bold a word: **bold**.
65 | * Use underscores to create italics: _italics_.
66 |
67 | ### Code Blocks
68 |
69 | To create a code block, use spaces, backticks (```), and Returns in this order:
70 |
71 | * 4 spaces plus 3 backticks (```) to start the code block
72 | * A Return
73 | * Type or paste in the code that the user needs to enter for a specific step
74 | * Another Return
75 | * 4 spaces plus 3 backticks to end the code block
76 | * Another Return
77 |
78 | For example:
79 |
80 | ```
81 | Text within three backticks for code or command line samples
82 | ```
83 |
84 | ### Code Comments
85 |
86 | Code comments will be invisible in a webpage view, but others will be able to see the comment in GitHub Markdown.
87 |
88 | ### Images
89 |
90 | To insert an image into your Page, upload the image file to the **/img/** folder in the GitHub repository. Then at the image insertion point in your page, add these formats to link to the image.
91 |
92 | 
93 |
94 | {:align="right"}
95 |
96 | {:style="float:left;width:25%;"}
97 |
98 |
99 | ### Links to Other Documents
100 |
101 | To link to useful references, information:
102 |
103 | [This is what I want my link to say]({{site.baseurl}}/insertlink/)
104 |
105 | To link to a document, or to another website, you need to always open the link in a new window:
106 |
107 | [This is what I want my link to say](https://www.governmentagency.gov){:target="blank"}
108 |
--------------------------------------------------------------------------------
/video/create_profile.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/create_profile.mp4
--------------------------------------------------------------------------------
/video/download_and_verify.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/download_and_verify.mp4
--------------------------------------------------------------------------------
/video/install_command_line.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/install_command_line.mp4
--------------------------------------------------------------------------------
/video/install_giu_non-admin.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/install_giu_non-admin.mp4
--------------------------------------------------------------------------------
/video/ios_safari_configuration-g2.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/ios_safari_configuration-g2.mp4
--------------------------------------------------------------------------------
/video/keychain_gui_admin.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/keychain_gui_admin.mp4
--------------------------------------------------------------------------------
/video/keychain_gui_non_admin.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/keychain_gui_non_admin.mp4
--------------------------------------------------------------------------------
/video/manual_install_profile.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/manual_install_profile.mp4
--------------------------------------------------------------------------------
/video/remove_command_line.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/GSA/fpki-guides/ff0fb07db244df6c55117468796cdada4f7416bb/video/remove_command_line.mp4
--------------------------------------------------------------------------------
8 | An official website of the United States Government
9 |
10 |
11 | 
6 | 
10 |