GSA Certificate Profile Conformance Tool
Last Update: November 30, 2022
The Certificate Profile Conformance Tool (CPCT) is an application that supports FPKI annual reviews and compliance by analyzing public X.509 certificates for conformance to a specified FPKI profile:
- Common Policy SSP Program
- FPKI/Federal Bridge
- PIV-Interoperable (PIV-I)
CPCT use can enhance detection of certificate profile issues during FPKI development and maintenance phases.
In conjunction with the Card Conformance Tool (CCT), the CPCT Tool enables FPKI stakeholders to perform remote testing. To request an official report on your CPCT and CCT results, fill out the Annual PIV Credential Issuer (PCI) Testing Application Form and send it with outputs and testing artifacts to fips201ep at gsa.gov.
Accessing the CPCT Application
To better serve the FPKI community, the CPCT was transitioned from an online application to an application that is hosted and run from the user’s workstation. Users can now access the CPCT application directly from their local hard drive using Docker Desktop, as indicated in the instructions below. It is a one-time download that users can bookmark for future use.
Note
Users who do not possess Administrative Privileges for their device will require IT support from within their organization to perform the Docker Desktop download and subsequent install.
Attention:
Agencies may need to obtain a license for Docker Desktop for each employee or contractor using the application. Appropriate agency personnel should review the information on the following page and make a determination: https://www.docker.com/pricing/faq/#subscriptionandlicensing
Step-by-step Instructions
Note
If you are an existing user of the CPCT Tool and have not used it in a while or you were sent here to reinstall the CPCT Tool, we advise that you first remove the previously installed Docker CPCT Tool container and image from Docker Desktop before downloading and installing a new version of the CPCT Tool.
-
Go to Docker Desktop. Download and install the version compatible with your device (MacOS, Windows or Linux).
-
Once Docker Desktop has been installed successfully, it will continue to run in the background on most systems. If you see that Docker is not running, please make sure it is running before installing the CPCT Tool in the next step.
-
Next, click the link below or copy and paste it into your web browser to visit the releases page.
-
To download the latest release, click the Source code (zip) link at the bottom of the page, then save to download the zip file.
-
Go to the location you downloaded the cpct-tool-1.x.x.zip (your version number may be different) file and copy it to your Desktop. Then, extract the folder to your Desktop for ease of use.
-
Open the
cpct-tool-1.x.xfolder and double click thestart.exefile. Refer to the screenshot below.
-
The following window may appear, based on the device’s user settings. Click on “More info”.
-
The following window will then appear on your screen. Select the “Run anyway” icon.
-
A Command line prompt window will open and ask whether you would like to continue, as shown in the screenshot below.
-
If you are ready for the CPCT to build, type “y” and hit enter at the blinking cursor. Allow the program to fully execute the build of the CPCT image in Docker Desktop. Once complete, the status message shown below will appear.
-
To confirm that your image is running, check Docker Desktop to make sure you see the
cpct-tool:latestrunning
-
Arrive at the CPCT landing page. Use the CPCT application as in the past. Remember to bookmark this page for future use.
Resources
Links to the CPCT Tool and associated support pages:
- GitHub link: https://github.com/GSA/cpct-tool
- GitHub Releases page: https://github.com/GSA/cpct-tool/releases
- GitHub Wiki page: https://github.com/GSA/cpct-tool/wiki
- GitHub Issues page: https://github.com/GSA/cpct-tool/issues
