Dodmerb Connection not Private

cksigranger

Member
I just received an email saying that the DoDMERB has received my medical exam. It also states that I should go to their website http://dodmerb.tricare.osd.mil and create an account to follow the status of my exam. I looked it up and it says that my connection is not private and there are possibly attackers coming from that web address. I tried googling the website and it comes up as the first search result, seems pretty legit. What do I do here?
Thank you.
 

C76706340

VMI 2022
Upon visiting the site, you will always be notified that your Tricare portal is not private. Ignore the warning.
 

TacticalNuke

Administrator
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
 
Last edited:

Candidate_JP

New Member
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
I have the same problem and followed these links and installed all the certificates to no avail. I still have no ability to access the DoDMERB Tricare website.
 

TacticalNuke

Administrator
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
I have the same problem and followed these links and installed all the certificates to no avail. I still have no ability to access the DoDMERB Tricare website.
Can you post a link to the site you're trying to access?

-TN
 
Top