Registering for DoD Machine Certificate
Topic:
API
Requirements and Steps to Register for a Machine Certificate
Your machine certificate can take the same actions as your personal certificate.
Requirements
- Common Access Card (CAC)
- NIPR email access
Request A DOD Machine Cert
If you already have a certificate, you can skip to the next section. To request a DoD certificate, follow these steps; you will need a CAC to complete this process.
- Generate a Certificate Signing Request (CSR) for the user. You can use a certificate name of
<your-bot-user>.<program>.arcus.mil
. For example:automation.{your program}.arcus.mil
- On NIPR, go to the NPE Portal
- Submit a Certificate request
- Certificate Profile = Robotic Process (or Device)
- Certificate CC/S/A = parent command (e.g. USSF)
- Extended Key Usage = Add id-kp-cllientAuth and move it to the right
- After submitting the request, you need to submit a digitally signed request to your supporting PKI office. For USAF/USSF, that is AF PKI RA 2842-2 form
- Send a digitally signed email (using your CAC) to your supporting PKI office and attach the form. For USAF/USSF, that address is afpki.ra@us.af.mil
- After receiving the approval email, go back to NPE portal, and download your certificate
Create A Bot User With A Machine Certificate
If you have a DOD/PKI certificate, you can create the bot user account in Arcus.
- Create an account in Arcus using the cert (use an email that is not already in use): register the bot certificate to Arcus
- Request that your Project Manager assign the bot user to the target project.
Note: The bot user needs the accept the “Terms and Conditions” every time they change