Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

2. Obtain and verify a copy of the Federal Common Policy CA G2 certificate

To limit the impact to your agency, you should distribute the Federal Common Policy CA G2 (FCPCA G2) certificate to all affected government-furnished workstations and devices as a trusted root certificate as soon as possible.

Download a Copy of FCPCA G2

To download a copy of FCPCA G2, use one of these recommended options:

  • Download the certificate from http://repo.fpki.gov/fcpca/fcpcag2.crt
  • Email fpki-help@gsa.gov to request an out-of-band copy for download.

You should never install a root certificate before you verify it. The procedures below describe how to verify the authenticity of your copy of the FCPCA G2. Your certificate details and hash must match the expected values in the following table.

FCPCA G2 Certificate Details
Distinguished Name cn=Federal Common Policy CA G2, ou=FPKI, o=U.S. Government, c=US
Serial Number 21e5b9a0cc956de278ca012ba8fdc58a98b3fbea
SHA-1 Thumbprint 99B4251E2EEE05D8292E8397A90165293D116028
SHA-256 Thumbprint 5F9AECC24616B2191372600DD80F6DD320C8CA5A0CEB7F09C985EBF0696934FC

Verify Your Copy of FCPCA G2

To verify your copy of FCPCA G2, use one of these options:

On Windows: Use Microsoft Certutil

  1. Click Start, type cmd, and press Enter.
  2. Run the following command: 
        certutil -hashfile {DOWNLOAD_LOCATION}\fcpcag2.crt SHA256

Note: The following .gif shows you how to verify your copy of FCPCA G2 on Microsoft Server 2016.
A gif that shows the verification steps performed on Microsoft Server 2016


On macOS: Use Terminal

  1. Click the Spotlight icon and search for Terminal.
  2. Double-click the Terminal icon (black monitor icon with white “>_”) to open a window.
  3. Run the following command: 
     $ shasum -a 256 {DOWNLOAD_LOCATION}/fcpcag2.crt

Note: The following .gif shows you how to verify your copy of FCPCA G2 on macOS Catalina (10.15).
The following gif shows you how to verify your copy of FCPCA G2 on macOS Catalina 10 point 15

On Linux/Unix: Use the Command Line

  1. Open the command line.
  2. Run the following command: 
     $ sha256sum {DOWNLOAD_LOCATION}/fcpcag2.crt


Next, distribute the Federal Common Policy CA G2 certificate as an operating system trusted root.

Return to top

IDManagement.gov

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit USA.gov

This site is a collaboration between GSA and the Federal CIO Council. It is managed by the Identity Assurance and Trusted Access Division in the GSA Office of Government-wide Policy.

Edit this page