Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

GSA Certificate Profile Conformance Tool

Last Update: November 30, 2022

The Certificate Profile Conformance Tool (CPCT) is an application that supports FPKI annual reviews and compliance by analyzing public X.509 certificates for conformance to a specified FPKI profile:

  • Common Policy SSP Program
  • FPKI/Federal Bridge
  • PIV-Interoperable (PIV-I)

CPCT use can enhance detection of certificate profile issues during FPKI development and maintenance phases.

In conjunction with the Card Conformance Tool (CCT), the CPCT Tool enables FPKI stakeholders to perform remote testing. To request an official report on your CPCT and CCT results, fill out the Annual PIV Credential Issuer (PCI) Testing Application Form and send it with outputs and testing artifacts to fips201ep at

Accessing the CPCT Application

To better serve the FPKI community, the CPCT was transitioned from an online application to an application that is hosted and run from the user’s workstation. Users can now access the CPCT application directly from their local hard drive using Docker Desktop, as indicated in the instructions below. It is a one-time download that users can bookmark for future use.


Users who do not possess Administrative Privileges for their device will require IT support from within their organization to perform the Docker Desktop download and subsequent install.


Agencies may need to obtain a license for Docker Desktop for each employee or contractor using the application. Appropriate agency personnel should review the information on the following page and make a determination:

Step-by-step Instructions

  1. Go to Docker Desktop. Download and install the version compatible with your device (MacOS, Windows or Linux). Website

  2. Once Docker Desktop has been installed successfully on your device, it will continue to run in the background and no further action will be required.

    Docker Desktop

  3. Next, copy and paste the link below in your web browser. Download the zip file of the latest released version. It can be located in the device’s Downloads folder as indicated in the screenshot below.

  4. Go to your device’s Downloads folder and copy the (your version number may be different). file to your Desktop. Then, extract the folder and save it on the device Desktop for ease of use.

    Zipped CPCT Folder

  5. Open the cpct-tool-1.x.x folder and double click the start.exe file. Refer to the screenshot below.

    CPCT Folder Unzipped

  6. The following window may appear, based on the device’s user settings. Click on “More info”.

    More Info

  7. The following window will then appear on your screen. Select the “Run anyway” icon.

    Run Anyway

  8. A Command line prompt window will open and ask whether you would like to continue, as shown in the screenshot below.

    Start of Install

  9. If you are ready for the CPCT to build, type “y” and hit enter at the blinking cursor. Allow the program to fully execute the build of the CPCT image in Docker Desktop. Once complete, the status message shown below will appear.

    End of Install

  10. To confirm that your image is running, check Docker Desktop to make sure you see the cpct-tool:latest running

    cpct-tool:latest running

  11. Arrive at the CPCT landing page. Use the CPCT application as in the past. Remember to bookmark this page for future use.

    The CPCT Tool Running Locally


Links to the CPCT Tool and associated support pages:

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit Edit this page