Public Key Infrastructure (PKI)
Overview
MITRE has deployed a Public Key Infrastructure (PKI) to support secure messaging for internal and sponsor communications.
This includes:
- Digital signature
- Encrypted messages
To enable you to communicate securely with MITRE personnel, the following resources are being made publicly available.
Important note: Both Workstation and Mobile devices use the same certificates, but they sometimes require different formats. Workstation certificates generally use the .CRT file extension and is best for desktop and laptop workstations that run Windows. Mobile Device certificates usually use the .CER file extension and is best for mobile hand-held smart phones that do not run Windows.
MITRE Email Encryption and Digital Signature Chain (Person Entity)
The MITRE key chain is required to support MITRE SMIME user certificates, also known as person-entity certificates.
Root
MITRE Corporation PE Root CA-1
Subordinate/Intermediate
MITRE PE CA-4
MITRE has also started transitioning users to a managed service platform hosted by Entrust. This certificate authority is cross certified with the federal bridge but if the certificate chain is needed, they can be downloaded below.
Root
Entrust Managed Service NFI Root CA
Subordinate/Intermediate
Entrust NFI Medium Assurance SSP CA
Support for Device Certificates
SMIME (person-entity) soft certificates and device (non-person entity) certificates are managed from separate key chains. You only need to install the following key chain to support MITRE-issued device certificates.
Root
MITRE BA ROOT
Subordinate/Intermediate
MITRE-NPE-CA1
MITRE BA NPE CA-3
MITRE BA NPE CA-4