Dodmerb Connection not Private

cksigranger

Member
Joined
Nov 22, 2017
Messages
12
I just received an email saying that the DoDMERB has received my medical exam. It also states that I should go to their website http://dodmerb.tricare.osd.mil and create an account to follow the status of my exam. I looked it up and it says that my connection is not private and there are possibly attackers coming from that web address. I tried googling the website and it comes up as the first search result, seems pretty legit. What do I do here?
Thank you.
 
Upon visiting the site, you will always be notified that your Tricare portal is not private. Ignore the warning.
 
Safari I believe gives a nasty warning. I would avoid Safari
 
This warning comes up pretty frequently with quite a few .mil and .gov websites.
 
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
 
Last edited:
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
I have the same problem and followed these links and installed all the certificates to no avail. I still have no ability to access the DoDMERB Tricare website.
 
This is a keeper, Tactical Gouge from Tactical Nuke!
 
The reason for the warning is because the DoD intermediate and root certificate authorities (CAs) are not normally installed by default on operating systems and/or browsers. The exception is some versions of OS X, but not macOS, which had the DoD certificates (see https://support.apple.com/en-us/HT202858) but still may have had the cross-certificate chaining issue. You can find certificate installation instructions at https://iase.disa.mil/pki-pke/getting_started/Pages/index.aspx as a part of the installation instructions for CAC access. You only need to follow the portion of the instructions pertaining to the certificate installation for the operating system you're using (https://iase.disa.mil/pki-pke/getting_started/Pages/windows.aspx for Windows, https://iase.disa.mil/pki-pke/getting_started/Pages/cert-chaining.aspx for Mac, or https://iase.disa.mil/pki-pke/getting_started/Pages/linux-firefox.aspx for Firefox on Linux). You can also see https://iase.disa.mil/pki-pke/Pages/tools.aspx under Trust Store for the complete list of tools and installer. If you want to cross-check this information, see https://www.nsa.gov/what-we-do/information-assurance/.

Note that you should take precautions when installing a root and/or intermediate CA, as you are telling your OS/browser to trust any certificate issued by that CA. Thus, as a best practice, you should only install certificates that you trust and ensure that you're installing them by accessing a site via https without certificate errors. You should also only do so on a network you trust (e.g., not a public network) and via either a wired connections or wireless encrypted with modern encryption (e.g., not WEP or other insecure methods).

-TN
I have the same problem and followed these links and installed all the certificates to no avail. I still have no ability to access the DoDMERB Tricare website.

Can you post a link to the site you're trying to access?

-TN
 
Back
Top