GSA Certificate Profile Conformance Tool
Last Update: November 30, 2022
The Certificate Profile Conformance Tool (CPCT) is an application that supports FPKI annual reviews and compliance by analyzing public X.509 certificates for conformance to a specified FPKI profile:
- Common Policy SSP Program
- FPKI/Federal Bridge
- PIV-Interoperable (PIV-I)
CPCT use can enhance detection of certificate profile issues during FPKI development and maintenance phases.
In conjunction with the Card Conformance Tool (CCT), the CPCT Tool enables FPKI stakeholders to perform remote testing. To request an official report on your CPCT and CCT results, fill out the Annual PIV Credential Issuer (PCI) Testing Application Form and send it with outputs and testing artifacts to fips201ep at gsa.gov.
Accessing the CPCT Application
To better serve the FPKI community, the CPCT was transitioned from an online application to an application that is hosted and run from the user’s workstation. Users can now access the CPCT application directly from their local hard drive using Docker Desktop, as indicated in the instructions below. It is a one-time download that users can bookmark for future use.
Note
Users who do not possess Administrative Privileges for their device will require IT support from within their organization to perform the Docker Desktop download and subsequent install.
Attention:
Agencies may need to obtain a license for Docker Desktop for each employee or contractor using the application. Appropriate agency personnel should review the information on the following page and make a determination: https://www.docker.com/pricing/faq/#subscriptionandlicensing
Step-by-step Instructions
-
Go to Docker Desktop. Download and install the version compatible with your device (MacOS, Windows or Linux).
-
Once Docker Desktop has been installed successfully on your device, it will continue to run in the background and no further action will be required.
-
Next, copy and paste the link below in your web browser. Download the zip file of the latest released version. It can be located in the device’s Downloads folder as indicated in the screenshot below.
-
Go to your device’s Downloads folder and copy the cpct-tool-1.x.x.zip (your version number may be different). file to your Desktop. Then, extract the folder and save it on the device Desktop for ease of use.
-
Open the
cpct-tool-1.x.x
folder and double click thestart.exe
file. Refer to the screenshot below. -
The following window may appear, based on the device’s user settings. Click on “More info”.
-
The following window will then appear on your screen. Select the “Run anyway” icon.
-
A Command line prompt window will open and ask whether you would like to continue, as shown in the screenshot below.
-
If you are ready for the CPCT to build, type “y” and hit enter at the blinking cursor. Allow the program to fully execute the build of the CPCT image in Docker Desktop. Once complete, the status message shown below will appear.
-
To confirm that your image is running, check Docker Desktop to make sure you see the
cpct-tool:latest
running -
Arrive at the CPCT landing page. Use the CPCT application as in the past. Remember to bookmark this page for future use.
Resources
Links to the CPCT Tool and associated support pages:
- GitHub link: https://github.com/GSA/cpct-tool
- GitHub Releases page: https://github.com/GSA/cpct-tool/releases
- GitHub Wiki page: https://github.com/GSA/cpct-tool/wiki
- GitHub Issues page: https://github.com/GSA/cpct-tool/issues