Quick Help

The knowledgebase is a categorized collection of answers to frequently asked questions (FAQ) and articles. You can read articles in this category or select a subcategory that you are interested in.

 How to Recover Old Certificates



When you replace or renew your common access card (CAC) or Public Key Infrastructure (PKI) certificates, you acquire a new encryption key. The new encryption key cannot open email messages that were encrypted with your previous encryption keys. To read messages encrypted with your previous encryption keys, download your previous encryption keys from one of the Defense Information Systems Agency (DISA) Automated Key Recovery Agent (ARA) sites and install them on your workstation:

Below are the websites available to recover you email certificate when you get a new CAC:


If the first website doesn't work for you then select the second one if that one doesn't work either then select the last website. One out of the three websites should work. 

DISA is reporting that the ARA-3 Automated Key Recovery server is temporarily down. Many of the most recent encryption keys (prior to CA-33) are also being ported over to ARA-5 & ARA-6, so please try those sites if ARA-3 is down. The stability of these sites may require you to re-try several times throughout the day. Trying different browsers may be successful as well.

A tutorial and quick link guide are available under attachments and external links.  The documents are the same in both locations; the external links are .mil restricted.


Local Nationals: 

In order to open past encrypted email on your new CAC you will need to contact NETOPS at 632-4991 and schedule a time to pick up your CD with your certificates on it from your ALToken. 

Article details

Article ID: 118

Facility: Email

Date added: Jun-2-2020 3:45pm

Views : 121

Want this too?