Registering for DoD Machine Certificate
Topic: API
Related: CollabTools API, Using Python with the ReST API, Make ReST API Calls with an ECA Cert, API Tokens

Requirements and Steps to Register for a Machine Certificate

Your machine certificate can take the same actions as your personal certificate.

Requirements

  • Common Access Card (CAC)
  • NIPR email access

Request A DOD Machine Cert

If you already have a certificate, you can skip to the next section. To request a DoD certificate, follow these steps; you will need a CAC to complete this process.

  1. Generate a Certificate Signing Request (CSR) for the user. You can use a certificate name of <your-bot-user>.<program>.arcus.mil. For example: automation.{your program}.arcus.mil
  2. On NIPR, go to the NPE Portal
  3. Submit a Certificate request
    • Certificate Profile = Robotic Process (or Device)
    • Certificate CC/S/A = parent command (e.g. USSF)
    • Extended Key Usage = Add id-kp-cllientAuth and move it to the right
  4. After submitting the request, you need to submit a digitally signed request to your supporting PKI office. For USAF/USSF, that is AF PKI RA 2842-2 form
  5. Send a digitally signed email (using your CAC) to your supporting PKI office and attach the form. For USAF/USSF, that address is afpki.ra@us.af.mil
  6. After receiving the approval email, go back to NPE portal, and download your certificate

Create A Bot User With A Machine Certificate

If you have a DOD/PKI certificate, you can create the bot user account in Arcus.

  1. Create an account in Arcus using the cert (use an email that is not already in use): register the bot certificate to Arcus
  2. Request that your Project Manager assign the bot user to the target project.

Note: The bot user needs the accept the “Terms and Conditions” every time they change