Some users experience problems accessing JKO using CAC. This problem is often the result of a well known and documented problem with incorrectly configured Internet Explorer settings. This problem is known as the “DoD Root Certificate Chaining Problem” per Defense Information Systems Agency (DISA). DISA has documented the problem and the recommended solution in detail. Please note DISA’s recommended solution requires elevated privileges.
From DISA guidance on the DoD Root Certificate Chaining Problem: “Department of Defense (DoD) Public Key Enabling (PKE) and the DoD Public Key Infrastructure (PKI) Program Management Office (PMO) have received several reports from DoD services about DoD certificates chaining improperly to cross – certificates or the Common Policy Root Certificate Authority (CA). When this occurs on DoD systems, PKI validation does not work properly.” “Administrators should run the Federal Bridge Certification Authority (FBCA) Cross – Certificate Removal Tool v1.06 once as an administrator and once as the current user.”