OPR: AFPKI SPO CI-13-01-114 November 2021
The AFPKI SPO is aware of the inconvenience imposed upon you to complete the 3-step process outlined here. With your experience in
mind, we have automated the process as much as we can and will connue to work to make the CAC replacement transion seamless.
a. Insert your new CAC in the card reader and click the buon (Windows icon at boom le of system tray)
b. Click on >
c. Select the tab > buon
d. Select all “old” cercates
Previously recovered email encrypon cercates “” “”)
DoD email cercates based on expiraon dates only
e. Click the buon, then click at the warning
a. Remove your new CAC from the card reader and reinsert it
b. Open then click > > >
c. At the next window, select
d. At the next window, in the “” area, click the buon
e. In the “” pop-up, click the buon unl it is grayed out; click
f. Back in the , click the buon
g. In the “” pop-up, click the buon for and
select the most current -cercate; if none are showing, click “”
and select the correct cercate; click
h. Verify the shown is “;” if not, click the drop-down arrow, select
“”
i. In the “” pop-up, click the buon for and
select the most current -cercate; click
j. Verify the shown is “-;” if not, click the drop-down arrow,
select “-” then click
k. At the warning pop-up, click ; enter your if prompted
l. Once all windows are populated and all three checkboxes are checked, click “” Your work-
staon is now congured to use the PKI cercates on your new CAC.
Ex: Signing Certificate
Ex: Encryption Certificate
Your new CAC contains a new Email Encrypon cercate and corresponding public/private encrypon key pair. Any email encrypted
with your cannot be opened with the new key; therefore, to read those email messages, you must
. There are two methods to recover an encrypon key: (recommended) and .
a. Open a browser and type in one of the following URLs (case sensive)
-
-
b. When prompted to choose a cercate, select your -, then enter your PIN if prompted
c. At the “” (AKRA) page, click . Note the list of all your escrowed encrypon keys available
for recovery. Review the list, then based on the date range, select the key that
matches the meframe of the encrypon key you wish to recover.
: Key Usage must be “” no other cercates can
be recovered
: DO NOT RECOVER any encrypon keys with a “Not Valid Before…”
date within one day of your newly issued CAC
d. Click the blue buon