LLLTTT?xml version="1.0" ?GGGTTT LLLTTTModule moduleID="858" projectID="216"GGGTTT LLLTTTModuleNameGGGTTTcertsLLLTTT/ModuleNameGGGTTT LLLTTTAUGGGTTTcertsLLLTTT/AUGGGTTT LLLTTTTitleGGGTTTUsing PKI CertificatesLLLTTT/TitleGGGTTT LLLTTTLinkSetGGGTTTlinksLLLTTT/LinkSetGGGTTT LLLTTTCertificateSWFPathGGGTTTassets/certificate_cert.swfLLLTTT/CertificateSWFPathGGGTTT LLLTTTCourseMapSWFPathGGGTTTassets/coursemap.swfLLLTTT/CourseMapSWFPathGGGTTT LLLTTTResourcesSWFPathGGGTTTassets/resources_cert.swfLLLTTT/ResourcesSWFPathGGGTTT LLLTTTNavBtnsGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTglossaryBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTGlossaryLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTGlossaryLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTGlossaryButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTcourseMapBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTCourse MapLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTCourse mapLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTCourseMapButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTresourcesBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTResourcesLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTResourcesLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTResourcesButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTreplayBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTReplayLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTReplayLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTReplayButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTpauseBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTPauseLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTPauseLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTPauseButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTresumeBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTResumeLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTResumeLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTResumeButtonClickedLLLTTT/ClickEventNameGGGTTT 
LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTexitBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTExitLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTExitLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTExitButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtn previousPgBtn="true"GGGTTT LLLTTTIDGGGTTTpreviousPgBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTPreviousLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTBack ArrowLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTPreviousButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtn nextPgBtn="true"GGGTTT LLLTTTIDGGGTTTnextPgBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTNextLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTForward ArrowLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTNextButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTTNavBtnGGGTTT LLLTTTIDGGGTTTcourseMenuBtnLLLTTT/IDGGGTTT LLLTTTLabelGGGTTTCourse MapLLLTTT/LabelGGGTTT LLLTTTRMATextGGGTTTCourse mapLLLTTT/RMATextGGGTTT LLLTTTClickEventNameGGGTTTCourseMenuButtonClickedLLLTTT/ClickEventNameGGGTTT LLLTTT/NavBtnGGGTTT LLLTTT/NavBtnsGGGTTT LLLTTTTopicsGGGTTT LLLTTTTopicGGGTTT LLLTTTTitleGGGTTTIntroduction and ObjectivesLLLTTT/TitleGGGTTT LLLTTTSubtitle /GGGTTT LLLTTTPagesGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTObjectivesLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_01LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT1LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWelcome to the Using PKI Certificates lesson. When you have completed this lesson, you will be able to identify how to safely and securely authenticate your identity to access Department of Defense, or DoD, unclassified networks using the PKI certificates contained on your Common Access Card, or CAC, or Alternate Token. You will also be able to identify how to use your PKI certificates to authenticate your identity to DoD systems, applications, and restricted web sites. You will be able to identify how to send and receive e-mail securely using digital signatures and encryption. 
Finally, you will be able to identify how to read e-mail that was encrypted when you had a previous CAC. There are four topics in this lesson. After you have completed this introduction, you will learn how to authenticate your identity to access DoD unclassified networks using the PKI certificates on your CAC or Alternate Token. Next, you will learn how to verify and use PKI certificates to authenticate your identity to access DoD systems, applications and web sites. Then, you will learn how, when, and why to digitally sign e-mail. You will also learn how to recognize and validate a digitally signed e-mail, and what to do if a digital signature is not valid. You will learn how, when, and why to send encrypted e-mail, as well as how to decrypt e-mail sent to you, and how to publish your e-mail encryption certificate to the Global Address List, or GAL. Finally, you will learn how to recover a previous private encryption key so that you can read e-mail that was encrypted when you had a previous CAC. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTFor each screen you will hear a description. The description is cued by an audio tone. Complex screens are divided into several descriptions. Listen to the description, and then select the play audio narration button to continue. Use your arrow keys to cycle through a list of options. Screen 1 of 17. Topic Title: Introduction and Objectives. Screen Title: Objectives. The Using P K Eye Certificates title and an image of a common access card, or cack, display. Bulleted text displays in support of audio. Titles of the topics display. 
Topics are Introduction and Objectives, Authentication, Secure Email, and Conclusion.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTT/PagesGGGTTT LLLTTT/TopicGGGTTT LLLTTTTopicGGGTTT LLLTTTTitleGGGTTTAuthenticationLLLTTT/TitleGGGTTT LLLTTTSubtitle /GGGTTT LLLTTTPagesGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTTo Unclassified DoD NetworksLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_02LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT2LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTThroughout this lesson, references to the CAC include Alternate Tokens. To use your PKI Certificates on your CAC to authenticate your identity to access DoD unclassified networks, you must first ensure that a Smart Card reader is attached to or embedded in your workstation or keyboard. A Smart Card reader is the device that reads the PKI certificates on your CAC and transmits your identification information to DoD networks. If you do not have a Smart Card reader, contact your Help Desk. To initiate the authentication process, insert your CAC into the Smart Card reader. Make sure that the card is picture side up and that the end of the card with the gold chip is inserted into the reader. Enter your CAC PIN when prompted. Once authenticated, you will have access to the DoD unclassified network for which you have an account. Note that when your computer is locked, you may have to remove your CAC from the reader and reinsert it to reinitiate the authentication process. After you log off your workstation, you must remove your CAC from the Smart Card reader. However, to avoid problems such as your workstation shutting down or freezing during the logoff process, wait until the logoff process completes before you remove your CAC from the Smart Card reader. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 2 of 17. Topic Title: Authentication. 
Screen title: To Unclassified D O D Networks. Image of a cack displays. Image of a laptop P C with a smart card reader attached displays. Image of dots run from the smart card reader through the laptop to a network of computers. Cack is inserted into smart card reader and login screen appears on laptop. Pin is entered on the screen and successful login screen appears. Cack is inserted and removed from smart card reader in synch with audio. LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTTo DoD Systems, Applications, and Web SitesLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_03LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT3LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTPKI certificates authenticate your identity to access DoD unclassified systems, applications, and web sites. These certificates are created on your CAC at the time it is issued to you. Through Smart Card middleware, your certificates should be recognized automatically by Windows applications such as Outlook and Internet Explorer, and by Mozilla Firefox. When you access DoD unclassified systems, applications, and web sites, you will be prompted to select your certificate and enter your PIN and select OK. Review the warning statement and select OK. If you experience any problems with your PKI certificates not being recognized, you must decide whether or not you want to trust the server or you can contact your Help Desk or other PKI technical assistance. Select Error Messages to learn more. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 3 of 17. Screen title: To D O D Systems, Applications, and Web Sites. Image of three certificates with a key on top of each displays. The certificates are labeled Identity Certificate, Email Signing Certificate, and Email Encryption Certificate. Bulleted text displays in support of audio. 
A cack displays and the three certificates display on top of the cack. A laptop P C displays and laptop screen displays animation of all of the screens, web site addresses typed in, and buttons clicked in this process. Error messages button becomes selectable as a popup.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTTPopupsGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_03_01LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTError MessagesLLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTLLLTTT![CDATA[When accessing a web page, you may encounter errors or warnings such as Domain Name Mismatch, Server Certificate Expired, and Server Certificate Not Trusted. The Domain Name Mismatch security error occurs if you make a secure connection to a server whose domain does not match the domain name in the certificate it uses. The Server Certificate Expired security error occurs if the site's certificate expiration date is earlier than your system date. This may be caused by your system having the incorrect time, or by the certificate genuinely being expired. The Server Certificate Not Trusted security error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. ]]GGGTTTLLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 1 of 1: Popup title: Error Messages. A computer screen displays. Bulleted text displays in support of audio. 
Each type of error message screen displays in support of audio.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTT/PopupsGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTKnowledge CheckLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_04LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT4LLLTTT/PageNbrGGGTTT LLLTTTPageTypeGGGTTTKnowledge CheckLLLTTT/PageTypeGGGTTT LLLTTTAttemptCountLimitGGGTTT1LLLTTT/AttemptCountLimitGGGTTT LLLTTTDfltQuestionWidthGGGTTT500LLLTTT/DfltQuestionWidthGGGTTT LLLTTTDfltFBWidthGGGTTT600LLLTTT/DfltFBWidthGGGTTT LLLTTTInstructionsGGGTTTSelect True or False for each statement. Select Done when you have finished. LLLTTT/InstructionsGGGTTT LLLTTTQuestionsGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTYou must download your PKI certificates from your CAC so that MS Outlook and Internet Explorer will be able to authenticate your identity to DoD systems, applications, and web sites.LLLTTT/TxtGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTTrueLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTFalseLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. Your PKI certificates are automatically enabled through Smart Card middleware to authenticate your identity to Windows Outlook and Internet Explorer and to Mozilla Firefox.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. 
Your PKI certificates are automatically enabled through Smart Card middleware to authenticate your identity to Windows Outlook and Internet Explorer and to Mozilla Firefox.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTPKI certificates on your CAC or Alternate Token are used to authenticate your identity to DoD unclassified networks.LLLTTT/TxtGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTTrueLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTFalseLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. PKI certificates on your CAC or Alternate Token are used to authenticate your identity to DoD unclassified networks.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. PKI certificates on your CAC or Alternate Token are used to authenticate your identity to DoD unclassified networks.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTYou should not have to wait for the logoff process to complete before removing your CAC from the Smart Card reader.LLLTTT/TxtGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTTrueLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTFalseLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. In order to avoid problems such as your workstation shutting down or freezing during the logoff process, you should wait until the logoff process completes before you remove your CAC from the Smart Card reader.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. 
In order to avoid problems such as your workstation shutting down or freezing during the logoff process, you should wait until the logoff process completes before you remove your CAC from the Smart Card reader.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTWhen you attempt to access DoD systems, applications, and web sites, you will be prompted to select your certificate and enter your PIN.LLLTTT/TxtGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTTrueLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTFalseLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. When you attempt to access DoD systems, applications, and web sites, you will be prompted to select your certificate and enter your PIN.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. When you attempt to access DoD systems, applications, and web sites, you will be prompted to select your certificate and enter your PIN.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTT/QuestionsGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTNow check your knowledge. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 4 of 17. Screen title: Knowledge Check. This is a multiple choice question. 
Use your keyboard to cycle through the list of options.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTT/PagesGGGTTT LLLTTT/TopicGGGTTT LLLTTTTopicGGGTTT LLLTTTTitleGGGTTTSecure E-mailLLLTTT/TitleGGGTTT LLLTTTSubtitle /GGGTTT LLLTTTPagesGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTDigitally Signing E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_05LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT5LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTDoD policy requires you to digitally sign e-mail when the e-mail contains an attachment or an embedded hyperlink. An embedded hyperlink is a URL or an e-mail address contained in the e-mail body or attachment that is both underlined and that will cause an action to occur if you select it with your mouse. You may also consider digitally signing other e-mail messages such as: those that contain information on operational, contract, finance or personnel management matters; those that provide direction or tasking; those that request or respond to requests for resources; or those that promulgate organization position. In many cases, your e-mail has been configured to automatically digitally sign your outgoing e-mail messages. If your e-mail is not configured to automatically digitally sign your e-mail, you can digitally sign your e-mail manually by selecting the Digital Signature button on the toolbar. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 5 of 17. Topic Title: Secure Email. Screen title: Digitally Signing Email. An image of an outgoing signed email message displays. Bulleted text displays in support of audio. 
An embedded hyperlink in the body of the email and the digital signature button on the email screen are notated with callout boxes.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTReceiving Digitally Signed E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_06LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT6LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWhen you receive an email, you will see a signed by field under the subject line that contains the e-mail address of the person who signed the message. If the digital signature on the e-mail is valid, you will see a red ribbon on the signed by status line. If the digital signature is invalid, you will see a gray ribbon with an exclamation point on top of it. You also should see an invalid digital signature alert, if the box that specifies that you wish to be warned before opening messages with invalid signatures has not been unselected. If you have certificate validation software on your workstation, you should see an additional notification of the certificate status in the lower right corner of your system tray. Select certificate status notification to learn more. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 6 of 17. Screen title: Receiving Digitally Signed Email. An image of an incoming digitally signed email message displays. Bulleted text displays in support of audio. The digital signature and the status indicator button are notated with callout boxes. The Digital Signature Invalid and the Unable to Validate Certificate popup windows display. 
The Certificate status notification button becomes selectable as a popup.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTTPopupsGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_06_01LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTCertificate Status NotificationLLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWhen you receive a digitally signed e-mail or document, you should see notification of the certificate status in the lower right corner of your system tray, if you have certificate validation software on your workstation. If the certificate on the digitally signed e-mail or document is valid, you will see the Valid Certificate notification. If the certificate is expired, you will see the Unable to Validate Certificate notification. If the certificate has been revoked, you will see the Revoked Certificate notification. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 1 of 1: Popup title: Certificate Status Notification. A digitally signed email displays along with an image of each type of certificate status notification popup window.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTT/PopupsGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTInvalid Digital SignaturesLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_07LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT7LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWhen you open a message that has been signed by an invalid certificate, you may see an invalid signature alert in Outlook. Through this alert, you can choose to ignore the warning and open the e-mail message by selecting View Message or you can choose not to open the message by selecting Cancel. You can view the details of the signature and its status by selecting Details. 
Digital signatures can be invalid for any of the following reasons: the content has been altered since it was signed; the certificate associated with the digital signature is revoked, expired, or was not issued by a trusted source. In this example, the certificate is invalid because it has expired and was not issued by a trusted source. If there is a problem with a digital signature on an e-mail you receive, you should contact the sender of the signed e-mail, if it's someone you know, and let them know that there is a problem with the signature. If you suspect this to be a suspicious or malicious e-mail, report it to your security point of contact, or POC, or help desk. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 7 of 17. Screen title: Invalid Digital Signatures. An image of a digital signature invalid alert screen displays. The buttons on this screen are highlighted as they are explained in the audio. After the details button is selected, another digital signature invalid screen displays that shows why the digital signature is invalid. Bulleted text displays in support of audio.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTWhy and When You Should Encrypt E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_08LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT8LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTLLLTTT![CDATA[You should encrypt certain types of e-mail messages so that only the intended recipient can read the message. However, you should not encrypt every e-mail message that you send. If everyone in the DoD encrypted every e-mail, this could adversely impact DoD network bandwidth. E-mail messages that are required to be encrypted are those that contain Controlled Unclassified Information, or CUI, which is also known as sensitive information. 
Examples of CUI are information that is potentially exempt from disclosure under the Freedom of Information Act, or FOIA, marked with the handling caveat For Official Use Only, or FOUO; information that is protected by the Privacy Act, also known as Personally Identifiable Information, or PII; individuals' health information that is protected under the Health Insurance Portability and Accountability Act, or HIPAA; and other categories of sensitive information. ]]GGGTTTLLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 8 of 17. Screen title: Why and When You Should Encrypt Email. Images of a key and a piece of paper display. Arrows display from the key and the paper pointing to a lock and another arrow pointing to a piece of paper with an image of a lock on it. Bulleted text displays in support of audio. A document labeled F O U O displays. Image of a social security card displays. Image of medical records folder displays. C U I becomes a rollover which states Controlled Unclassified Information, or C U I is a categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 1 2 9 5 8, as amended, but is pertinent to the national interests of the United States or to the important interests of entities outside the Federal Government, and under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. Henceforth, the designation C U I replaces Sensitive But Unclassified, or S B U. Source: White House Memorandum: Designation and Sharing of Controlled Unclassified Information, or C U I, May 2008. Foy ya becomes a rollover which states the Freedom of Information Act, or foy ya, signed into law in 1966 and implemented in 1967, is the implementation of freedom of information legislation in the United States. 
This act allows for the full and partial disclosure of previously unreleased information and documents controlled by the U S Government. The Act defines agency records subject to disclosure, outlines mandatory disclosure procedures, and grants nine exemptions to the statute. F O U O becomes a rollover which states For Official Use Only, or F O U O, is a designation that is applied to unclassified information that may be exempt from mandatory release to the public under the Freedom of Information Act, or foy yuh. The foy yuh specifies nine exemptions that may qualify certain information to be withheld from release to the public, if by its disclosure, a foreseeable harm would occur. Source: D O D fifty two hundred dot one dash r, Appendix 3, January 1997. P I I becomes a rollover which states personal information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her, for example, Social Security number, age, military rank, civilian grade, marital status, race, salary, home or office phone numbers, or other demographic, biometric, personnel, medical, and financial information, etcetera. Such information also is known as personally identifiable information, that is, information that can be used to distinguish or trace an individual's identity, such as his or her name, Social Security number; date and place of birth, mother's maiden name, and biometric records, including any other personal information that is linked or linkable to a specified individual. Source: D O D D fifty four hundred dot eleven, 8 May 2007. Hippuh becomes a rollover which states the Health Insurance Portability and Accountability Act, or hippuh, is a law that Congress enacted in 1996. This act includes a series of administrative simplification provisions that require the Department of Health and Human Services to adopt national standards for electronic health care transactions to improve the efficiency and effectiveness of the health care system. 
Other categories of sensitive information becomes a rollover which states other categories of sensitive information include D O D Unclassified Controlled Nuclear Information, Unclassified Technical Data, Sensitive Acquisition Information, Proprietary Information, Foreign Government Information, and D E A Sensitive Information.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTPublishing to the GALLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_09LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT9LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTAfter logging on with your PKI certificates for the first time, you may need to publish your DoD PKI e-mail encryption certificates, located on your CAC, to the Global Address List, or GAL, to make it easier for others to send you encrypted e-mail. Conversely, when others publish their certificates to the GAL, you are then able to send encrypted e-mail to them. Note that you may need to complete this process each time you receive a new CAC, if your certificates are not published automatically to the GAL. The steps for publishing to the GAL depend on which version of Microsoft Outlook you are using. Select your version of Microsoft Outlook to see the steps for publishing to the GAL. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 9 of 17. Screen title: Publishing to the GAL. An image of an email address book screen displays which shows names from the global address list. Bulleted text displays in support of audio. GAL becomes a rollover which states the Global Address List, or GAL, is a directory service within an organization's or group of organizations' email system. The GAL contains information for all email users, distribution groups, and resources. 
Users of Microsoft Outlook can publish to the GAL their externally generated P K I email encryption certificates that are used for secure email. M S Outlook 2003 and M S Outlook 2007 buttons become selectable as popups.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTTPopupsGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_09_01LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTPublishing to the GAL for M S Outlook 2003LLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTTo publish to the GAL, open Microsoft Outlook 2003 and select Tools and then select Options. Select the Security tab. Under Encrypted e-mail, select Settings. Select Delete and this will empty all data fields. Select OK and you will be returned to the Security tab. Select Publish to GAL to remove old settings. A prompt appears. Select OK. Another prompt appears. Select OK. Select Settings. All data fields should be filled in again. Select OK. Once you are returned to the Security tab, select Publish to GAL to publish your current certificate. A prompt appears. Select OK. If prompted, enter your CAC PIN and select OK. You should now see that your certificates were published successfully. Select OK. To complete the process, select OK. If you experience any problems, contact your Help desk or other PKI technical assistance. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 1 of 2: Popup title: Publishing to the GAL for M S Outlook 2003. An animation of all of the screens and buttons that are part of this process displays. 
The instructions for each step of the process display in support of audio.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_09_02LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTPublishing to the GAL for M S Outlook 2007LLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTTo publish to the GAL, open Microsoft Outlook 2007 and select Tools, then select Trust Center. On the left hand side of the Trust Center screen, select the E-mail Security tab. Select Settings. Select Delete to remove all data. Select OK. Select Publish to GAL to remove old settings. A prompt appears. Select OK. Another prompt appears. Select OK. On the Trust Center screen, select Settings. On the Change Security Settings screen, all data fields should be automatically filled. Select OK. On the Trust Center screen, select Publish to GAL to publish your current certificate. On the prompt that appears, select OK. If prompted, enter your CAC PIN and select OK. You should now see that your certificates were published successfully. Select OK. To complete the process, select OK. If you experience any problems, contact your Help desk or other PKI technical assistance. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 2 of 2: Popup title: Publishing to the GAL for M S Outlook 2007. An animation of all of the screens and buttons that are part of this process displays. 
The instructions for each step of the process display in support of audio.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTT/PopupsGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTSending Encrypted E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_10LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT10LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTLLLTTT![CDATA[To send an encrypted e-mail, you will need the recipient's e-mail encryption certificate. There are three ways you can obtain the recipient's encryption certificate. If the recipient shares the same e-mail domain as you, you would use the Global Address List, or GAL, to obtain their encryption certificate. If the recipient is a DoD user, but not in your shared e-mail domain, you would use the Global Directory Service, or GDS. If the recipient is a partner outside of the DoD, you would use a digitally signed e-mail message. The most common way to encrypt an e-mail is to simply select the encryption button, which is the blue padlock on the toolbar, before sending the e-mail. If the recipient's encryption certificate is not in your GAL, then you will receive an error message and you will have to obtain the recipient's encryption certificate through either the GDS or digitally signed e-mail method. Once you've obtained the recipient's encryption certificate, then you can send that person an encrypted e-mail by selecting the encryption button on the toolbar. Select GDS and Digitally signed e-mail to learn how these methods work. ]]GGGTTTLLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 10 of 17. Screen title: Sending Encrypted Email. An email message displays. Bulleted text displays in support of audio. The blue padlock email encryption button on the email screen is notated with a callout box. An encryption error message screen displays. 
GAL becomes a rollover which states the Global Address List, or GAL, is a directory service within an organization's or group of organizations' email system. The GAL contains information for all email users, distribution groups, and resources. Users of Microsoft Outlook can publish to the GAL their externally generated P K I email encryption certificates that are used for secure email. The G D S and Digitally signed email buttons become selectable as popups.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTTPopupsGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_10_01LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTG D SLLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTFollow these steps to obtain a DoD user's encryption certificate from the Global Directory Service, or GDS. Open your web browser and enter the web site address provided on this screen. Select your identification certificate. Enter your PIN when prompted. Select OK. You can query by last name, first name, e-mail address, or by components, services, and agencies. Enter the search criteria in the appropriate data fields. Select Search. Select the last name of the person for whom you are searching. Select the Download Certificates as a vCard (Outlook and Internet Explorer or Netscape 7.x Required) link. Select the certificate to be downloaded. Select Open. Select Save and Close. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 1 of 2: Popup title: G D S. An animation of all of the screens and buttons that are part of this process displays. The instructions for each step of the process display in support of audio. The web site address referenced in step 1 is h t t p s colon forward slash forward slash d o d 4 1 1 dot g d s dot disa dot mil. 
G D S becomes a rollover which states Global Directory Service, or G D S, is an enterprise wide directory service that supports the D O D P K I Program. G D S currently provides a D O D wide search capability for information such as names, email addresses and public keys, regarding D O D personnel with a D O D P K I certificate on the nippernet and the sippernet. G D S includes both the public email encryption keys and the certificate revocation lists.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_10_02LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTDigitally Signed EmailLLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTLLLTTT![CDATA[Follow these steps to obtain the encryption certificate from a digitally signed e-mail. Open the digitally signed e-mail. Right click on the sender's e-mail address. Select Add to Outlook Contacts. At this point, you may add or modify personal information about the sender on the General tab, but this is not required. Select Save and Close. ]]GGGTTTLLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 2 of 2: Popup title: Digitally Signed Email. An animation of all of the screens and buttons that are part of this process displays. The instructions for each step of the process display in support of audio.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTT/PopupsGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTReceiving Encrypted E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_11LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT11LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWhen someone sends you an encrypted e-mail, you will recognize it by the blue padlock visual indicator next to your e-mail in your inbox. 
When you open the e-mail, your private key will be used to decrypt the message, and you may be prompted to enter your PIN. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 11 of 17. Screen title: Receiving Encrypted Email. An image of an email inbox displays. The blue padlock next to an email message in the list is enlarged. Bulleted text displays in support of audio. A cursor clicks on the email to open it and a PIN prompt displays, a PIN is entered and the email message opens.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTReading Previously Encrypted E-mailLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_12LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT12LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTWhen you receive a replacement CAC, you will also receive replacement certificates on your CAC. You will not be able to use your new CAC to read encrypted e-mail that was sent to you when you were using your previous CAC. To read those e-mail messages you will need to recover your previous e-mail encryption private key. Primarily for this reason, the DoD automatically escrows private encryption keys when new CACs and PKI certificates are issued. An automated key recovery process has been established to allow you to recover your previously issued private encryption key and install it in the certificate store on your computer. Note that if you are unable to recover your certificates, contact your Registration Authority, or RA, office. Select Automated Key Recovery Agent to review the steps for completing this process. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 12 of 17. Screen title: Receiving Previously Encrypted Email. Image of a cack displays. Image of a key labeled your previous public key displays. 
Image of a key labeled your previous private key displays on top of the cack. Bulleted text displays in support of audio. An image of a telephone displays. Automated Key Recovery Agent becomes selectable as a popup.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTTPopupsGGGTTT LLLTTTPopupGGGTTT LLLTTTFilenameGGGTTTpkiusec_12_01LLLTTT/FilenameGGGTTT LLLTTTSec508TriggerNameGGGTTTAutomated Key Recovery AgentLLLTTT/Sec508TriggerNameGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTFollow these steps to recover your previously issued private encryption key using the Automated Key Recovery Agent, or ARA, and install it in the certificate store on your computer. Open Internet Explorer and enter the web site address provided on this screen. Note that this URL is case sensitive. When prompted to select a certificate, you will need to select your CAC identification certificate. Note that when the correct certificate is selected, you should see the statement: You have a private key that corresponds to this certificate. Select your CAC ID certificate. Select OK. Enter your CAC PIN. Select OK. Read the DoD security warning. Select OK. The ARA will now gather a list of all of your private encryption certificate recoverable keys for you. Choose the key that you want to recover and select Recover. Read the acknowledgement that you are the DoD subscriber and select OK. Once the key is recovered, a page will display with a link to download your key along with a one-time password used to retrieve the recovered key. Write down or print the one-time password and keep it secured. Click the link to download your key. Select Open. Select Next. Verify the file name displayed is the intended encryption key to install. Select Next. Enter your one-time password. Check the box next to enable strong private key protection. Select Next. Select the radio button next to place all certificates in the following store. Select Browse. Select the personal store. Select OK. Select Next. 
You have successfully installed your private encryption key. Select Finish. Select Set Security Level. Select the radio button next to High. Select Next. Enter a new password and retype the password to confirm. Select Finish. Select OK. Select OK. You have successfully installed your previously issued private encryption key in the certificate store on your computer. Note that during this process, a notification e-mail was sent to you warning that a user was attempting to recover the chosen key. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTPopup 1 of 1: Popup title: Automated Key Recovery Agent. An animation of all of the screens and buttons that are part of this process displays. The instructions for each step of the process display in support of audio. The web site address referenced in step 1 is h t t p s colon forward slash forward slash ay r ay dash 1 dot c 3 p k eye dot c h ay m b dot disa dot mil forward slash ay r ay forward slash key.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PopupGGGTTT LLLTTT/PopupsGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTKnowledge CheckLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_13LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT13LLLTTT/PageNbrGGGTTT LLLTTTPageTypeGGGTTTKnowledge CheckLLLTTT/PageTypeGGGTTT LLLTTTAttemptCountLimitGGGTTT1LLLTTT/AttemptCountLimitGGGTTT LLLTTTDfltQuestionWidthGGGTTT500LLLTTT/DfltQuestionWidthGGGTTT LLLTTTDfltFBWidthGGGTTT425LLLTTT/DfltFBWidthGGGTTT LLLTTTQuestionsGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTWhen you receive a digitally signed e-mail, you should verify that the sender's digital signature is valid.LLLTTT/TxtGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTTrueLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTFalseLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT 
LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. You should verify that the sender's digital signature is valid.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. You should verify that the sender's digital signature is valid.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTT/QuestionsGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTNow, check your understanding. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 13 of 17. Screen title: Knowledge Check. This is a multiple choice question. Use your keyboard to cycle through the list of options.LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTKnowledge CheckLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_14LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT14LLLTTT/PageNbrGGGTTT LLLTTTPageType display="Sequential"GGGTTTKnowledge CheckLLLTTT/PageTypeGGGTTT LLLTTTAttemptCountLimitGGGTTT1LLLTTT/AttemptCountLimitGGGTTT LLLTTTDfltQuestionWidthGGGTTT500LLLTTT/DfltQuestionWidthGGGTTT LLLTTTDfltFBWidthGGGTTT425LLLTTT/DfltFBWidthGGGTTT LLLTTTInstructionsGGGTTTSelect the best response and then select Done.LLLTTT/InstructionsGGGTTT LLLTTTQuestionsGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTWhy should you publish your PKI e-mail encryption public key certificate to the Global Address List (GAL)? 
LLLTTT/TxtGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTSo others within your GAL can send you digitally signed e-mailLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTSo you can more easily send others within your GAL encrypted e-mailLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTSo others within your GAL can more easily send you encrypted e-mailLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTSo others within your GAL can access your private keyLLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. You should publish your PKI e-mail encryption public key certificate to the GAL so others within your GAL can more easily send you encrypted e-mail.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. You should publish your PKI e-mail encryption public key certificate to the GAL so others within your GAL can more easily send you encrypted e-mail.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTT/QuestionsGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTNow, check your understanding of publishing to the GAL. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 14 of 17. Screen title: Knowledge Check. This is a multiple choice question. 
Use your keyboard to cycle through the list of optionsLLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTKnowledge CheckLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_15LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT15LLLTTT/PageNbrGGGTTT LLLTTTPageType display="Sequential"GGGTTTKnowledge CheckLLLTTT/PageTypeGGGTTT LLLTTTAttemptCountLimitGGGTTT1LLLTTT/AttemptCountLimitGGGTTT LLLTTTDfltQuestionWidthGGGTTT500LLLTTT/DfltQuestionWidthGGGTTT LLLTTTInstructionsGGGTTTSelect the best response and then select Done.LLLTTT/InstructionsGGGTTT LLLTTTQuestionsGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTWhich of the following statements best reflects DoD policy regarding digitally signing e-mail messages? Select the best response and then select Done.LLLTTT/TxtGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTYou should digitally sign all e-mail messages.LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTYou should only digitally sign e-mail messages that you encrypt.LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTYou should digitally sign any e-mail messages that contain an attachment or embedded hyperlink.LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. According to DoD policy, you should always digitally sign any e-mail message that contains an attachment or embedded hyperlink. You should also consider digitally signing e-mail messages that contain operational, contract, finance, or personnel management information, provide direction or tasking, request or respond to requests for resources, or promulgate organization position.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. According to DoD policy, you should always digitally sign any e-mail message that contains an attachment or embedded hyperlink. 
You should also consider digitally signing e-mail messages that contain operational, contract, finance, or personnel management information, provide direction or tasking, request or respond to requests for resources, or promulgate organization position.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTT/QuestionsGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTNow check your understanding. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 15 of 17. Screen title: Knowledge Check. This is a multiple choice question. Use your keyboard to cycle through the list of optionsLLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTKnowledge CheckLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_16LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT16LLLTTT/PageNbrGGGTTT LLLTTTPageType display="Sequential"GGGTTTKnowledge CheckLLLTTT/PageTypeGGGTTT LLLTTTAttemptCountLimitGGGTTT1LLLTTT/AttemptCountLimitGGGTTT LLLTTTDfltQuestionWidthGGGTTT500LLLTTT/DfltQuestionWidthGGGTTT LLLTTTDfltFBWidthGGGTTT425LLLTTT/DfltFBWidthGGGTTT LLLTTTInstructionsGGGTTTSelect the best response and then select Done.LLLTTT/InstructionsGGGTTT LLLTTTQuestionsGGGTTT LLLTTTQuestion qType="MC"GGGTTT LLLTTTDfltInstructionWidthGGGTTT570LLLTTT/DfltInstructionWidthGGGTTT LLLTTTTxtGGGTTTWhich of the following statements best reflects DoD policy regarding encrypting e-mail messages? 
Select the best response and then select Done.LLLTTT/TxtGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTYou should encrypt all e-mail messages.LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponse valid="true"GGGTTT LLLTTTTxtGGGTTTYou should encrypt any e-mail messages that contain Controlled Unclassified Information (CUI).LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTResponseGGGTTT LLLTTTTxtGGGTTTYou should only encrypt e-mail messages that you digitally sign.LLLTTT/TxtGGGTTT LLLTTT/ResponseGGGTTT LLLTTTFeedbackGGGTTT LLLTTTDfltCorrectGGGTTTCorrect. According to DoD policy, you should encrypt e-mail messages that contain Controlled Unclassified Information (CUI) which is information potentially exempt from disclosure under FOIA that is marked FOUO, PII that is protected by the Privacy Act, information that is protected under HIPAA, and other categories of sensitive information.LLLTTT/DfltCorrectGGGTTT LLLTTTDfltIncorrectGGGTTTIncorrect. According to DoD policy, you should encrypt e-mail messages that contain Controlled Unclassified Information (CUI) which is information potentially exempt from disclosure under FOIA that is marked FOUO, PII that is protected by the Privacy Act, information that is protected under HIPAA, and other categories of sensitive information.LLLTTT/DfltIncorrectGGGTTT LLLTTT/FeedbackGGGTTT LLLTTT/QuestionGGGTTT LLLTTT/QuestionsGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTNow check your understanding. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 16 of 17. Screen title: Knowledge Check. This is a multiple choice question. 
Use your keyboard to cycle through the list of optionsLLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTT/PagesGGGTTT LLLTTT/TopicGGGTTT LLLTTTTopicGGGTTT LLLTTTTitleGGGTTTConclusionLLLTTT/TitleGGGTTT LLLTTTSubtitle /GGGTTT LLLTTTPagesGGGTTT LLLTTTPageGGGTTT LLLTTTTitleGGGTTTConclusionLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_17LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT17LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTCongratulations! You have completed the Using PKI Certificates lesson. You should now be able to identify how to safely and securely authenticate your identity to access DoD unclassified networks as well as DoD systems, applications, and web sites using PKI certificates. You should be able to identify how to send and receive e-mail securely using digital signatures and encryption. Finally, you should be able to identify how to read e-mail that was encrypted when you had a previous CAC. LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTTSec508DataGGGTTTLLLTTTContentDescription frameNbr="1"GGGTTTScreen 17 of 17. Topic Title: Conclusion. Screen title: Conclusion. The word Congratulations displays then fades and is replaced by a list of the objectives for the lesson. Each objective is checked off as it is reviewed. A space for you to enter your name displays. A print certificate button displays. A message displays that states make sure your certificate has printed before exiting. If not, troubleshoot the issue, then select the print button again. LLLTTT/ContentDescriptionGGGTTTLLLTTT/Sec508DataGGGTTT LLLTTT/PageGGGTTT LLLTTT!--PageGGGTTT LLLTTTTitleGGGTTTCertificate of CompletionLLLTTT/TitleGGGTTT LLLTTTFilenameGGGTTTpkiusec_18LLLTTT/FilenameGGGTTT LLLTTTPageNbrGGGTTT18LLLTTT/PageNbrGGGTTT LLLTTTShowTextGGGTTT LLLTTTTxt frameNbr="1"GGGTTTTo print a Certificate of Completion, enter your name in the space provided, and select Print Certificate. 
LLLTTT/TxtGGGTTT LLLTTTTxt frameNbr="1" /GGGTTT LLLTTT/ShowTextGGGTTT LLLTTT/Page--GGGTTT LLLTTT/PagesGGGTTT LLLTTT/TopicGGGTTT LLLTTT/TopicsGGGTTT LLLTTT/ModuleGGGTTT