5. Distribute the certificate to applications

We're calling for all solutions! If you'd like to share your agency's playbook on how to distribute a trusted root CA certificate to an application trust store, create an issue on GitHub or email us at fpkirootupdate@gsa.gov.

Many, but not all, software applications leverage the underlying operating system trust store to verify whether a certificate should be trusted.

Collaborate across agency teams to identify applications that rely on custom trust stores, so that the Federal Common Policy CA (FCPCA) G2 certificate is distributed to each of them.

Example applications with custom trust stores:

  • Java and all Java-based applications (for example, Apache Tomcat)
  • Mozilla products (for example, Firefox or Thunderbird)
  • OpenSSL-based applications (for example, Apache HTTP Server or Nginx)

Important! Depending on how these applications are configured, it's likely you'll also need to distribute the intermediate CA certificates issued by the FCPCA G2.
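One way to confirm distribution to OpenSSL-style PEM CA bundles is to compare certificate fingerprints, as in this added example (not part of the original playbook). The bundle names and certificate bytes are constructed placeholders; in practice the required fingerprints come from your verified copies of the FCPCA G2 and intermediate CA certificates.

```python
import base64
import hashlib
import re
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of each certificate in a PEM bundle."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_CERT.findall(pem_text)}

def normalize(fingerprint):
    # Accept 'AB:CD:..' or 'abcd..' and return bare lowercase hex.
    return fingerprint.replace(":", "").replace(" ", "").lower()

def audit_bundles(bundles, required):
    """Map each bundle name to the sorted labels of required CAs it lacks."""
    wanted = {label: normalize(fp) for label, fp in required.items()}
    report = {}
    for name, pem_text in bundles.items():
        present = bundle_fingerprints(pem_text)
        report[name] = sorted(
            label for label, fp in wanted.items() if fp not in present)
    return report

def to_pem(der):
    """Wrap DER bytes as a PEM certificate block (used to build sample data)."""
    b64 = base64.b64encode(der).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{rows}\n-----END CERTIFICATE-----\n"

def colon_hex(der):
    h = hashlib.sha256(der).hexdigest().upper()  # AA:BB:.. style many tools print
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

# Constructed stand-in bytes, NOT real certificates: a fingerprint is a hash of
# the DER encoding, so any bytes exercise the check.
ROOT = b"constructed stand-in: FCPCA G2 root" * 4
INTERMEDIATE = b"constructed stand-in: intermediate CA" * 4
UNRELATED = b"constructed stand-in: unrelated CA" * 4
REQUIRED = {"fcpca-g2-root": colon_hex(ROOT), "intermediate": colon_hex(INTERMEDIATE)}
BUNDLES = {  # hypothetical bundle names
    "nginx-ca-bundle.pem": to_pem(UNRELATED) + to_pem(ROOT) + to_pem(INTERMEDIATE),
    "httpd-ca-bundle.pem": to_pem(ROOT),
    "legacy-app-ca.pem": to_pem(UNRELATED),
}

if __name__ == "__main__":
    for name, missing in audit_bundles(BUNDLES, REQUIRED).items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```

Java keystores and Mozilla certificate databases are not PEM files, so export their contents to PEM before running a check like this against them.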


Next, determine if you need to distribute the CA certificates issued by the FCPCA G2.