Edit this page

5. Distribute the certificate to applications

We're calling for all solutions! If you'd like to share your agency's playbook on how to distribute a trusted root CA certificate to an application trust store, create an issue on GitHub or email us at fpkirootupdate@gsa.gov.

Many, but not all, software applications leverage the underlying operating system trust store to verify whether a certificate should be trusted.

Collaborate across agency teams to identify applications that rely on custom trust stores to ensure distribution of the Federal Common Policy CA (FCPCA) G2 certificate.

Example applications with custom trust stores:

  • Java and all Java-based applications (for example, Apache Tomcat)
  • Mozilla products (for example, Firefox or Thunderbird)
  • OpenSSL-based applications (for example, Apache HTTP Server or Nginx)

Important! Depending on how these applications are configured, it's likely you'll also need to distribute the intermediate CA certificates issued by the FCPCA G2. These certificates will available after November 18, 2020.


Optionally, distribute the CA certificates issued by the FCPCA G2.