This page will be updated with any known issues relating to access to the COBRA website.  If you are having problems accessing COBRA and no issues are posted please call the COBRA helpdesk at (703) 639-4522

The COBRA website is: https://cobra.csd.disa.mil

NOTE: the https prefix is REQUIRED.   Accessing this site requires a DOD issued PKI certificate, either CAC card or soft certificate.

New users can sign request access by accessing the site and clicking on the request access button and following the instructions.

 

CURRENT STATUS:

COBRA IS CURRENTLY UP

 

Known issue accessing COBRA with Microsoft Internet Explorer

 

SYMPTOM: Access to https://cobra.csd.disa.mil/ results in a “Page not found” or similar error.

There is a known DOD PKI / Federal Interoperability Bridge issue with some bad Intermediate Cross Trust Certificates that results in unusable identity certificates (these are the certificates that are used for COBRA authentication).  This problem often occurs when Microsoft updates are applied.

DETECTION:  To determine if this is the cause of your problem…

  1. Open Internet Explorer, click Tools, Internet Options, Content, Certificates.
  2. Highlight your identity certificate (this is the one that is signed by DOD CA-##, not DOD EMAIL CA-##).
  3. Select the Certification Path tab.
  4. Check to make sure there are only 3 levels in the path / chain.
  5. If there are more than 3 items in the chain, then your system has intermediate certificates that need to be removed.

SOLUTION:

Cross Cert Removal: The user needs to download and execute a utility that DOD PKI has provided..

 

1. Download the remover utility (and the optional user documentation)

Utility:

http://iasecontent.disa.mil/pki-pke/unclass-fbca_crosscert_remover_v112.zip

 

Documentation:

http://iase.disa.mil/pki-pke/function_pages/downloads/unclass-fbca_xcert_remover_userguide.pdf

2. Open the zip file and execute the .exe file (Winzip may caution you, click yes or Run as appropriate) 3. When the command box appears, hit enter twice 4. Close all Internet Explorer windows and start a fresh one to retry access to https://cobra.csd.disa.mil/ 5. (optional) go through the detection steps above to see that your certificate chain is back to the normal 3 levels deep.

PREVENTION: Unfortunately, the bad certificates propagate through email and users often find themselves having to remove them frequently. Turning off Automatic Root Certificate Update in Windows can help, but due to the way the certificates are trusted (at the root certificate level); Outlook will still automatically add the intermediate certificates.

Last Edit Dec 7, 2013