Set Up CAC Login in Microsoft Edge

Microsoft Edge is often the easiest browser for CAC authentication on Windows because it uses the built-in Windows certificate store. If you’ve installed DoD root certificates via InstallRoot, Edge should work with minimal additional configuration. Here’s how to verify your setup and troubleshoot common issues.

Why Edge Works Well for CAC

Edge advantages for DoD users:

• Native Windows integration: Uses the same certificate store as Internet Explorer
• Pre-installed: Comes with Windows 10 and 11
• IT department approved: Most DoD networks allow Edge
• Automatic updates: Tied to Windows Update, reducing compatibility surprises
• IE Mode: Can render legacy DoD sites that require Internet Explorer

Prerequisites

Before using Edge for CAC authentication:

1. Install DoD root certificates: Run InstallRoot from MilitaryCAC.com
2. Connect your CAC reader: Verify it appears in Device Manager
3. Insert your CAC: Have the card in the reader before opening Edge
4. Verify middleware: ActivClient or your organization’s CAC software should be running

Verify Certificate Installation

Check that DoD certificates are installed correctly:

1. Press Windows + R, type certmgr.msc, press Enter
2. Expand “Trusted Root Certification Authorities” → “Certificates”
3. Look for “DoD Root CA 2,” “DoD Root CA 3,” “DoD Root CA 4,” and “DoD Root CA 5”
4. Expand “Intermediate Certification Authorities” → “Certificates”
5. Look for various “DOD ID CA” and “DOD EMAIL CA” entries

If these certificates are missing, download and run InstallRoot as Administrator.

Verify Your CAC Certificates

Your personal CAC certificates should appear in the certificate store:

1. In certmgr.msc, expand “Personal” → “Certificates”
2. With your CAC inserted, you should see certificates with your name
3. Typically you’ll see: DOD ID CA certificate (for authentication) and DOD EMAIL CA certificate (for email signing)

If your certificates don’t appear:

• Remove and reinsert your CAC
• Check that your CAC reader is working (Device Manager)
• Restart the Smart Card service

Test CAC Login in Edge

1. Open Edge and navigate to milConnect
2. Edge should display a certificate selection dialog
3. Select your DoD ID certificate (for authentication, not email)
4. Enter your CAC PIN when prompted
5. The site should load successfully

Troubleshooting Edge CAC Issues

No Certificate Selection Dialog Appears

If Edge doesn’t prompt for a certificate:

• Check CAC insertion: Ensure the card is fully inserted and the reader LED is lit
• Restart Edge: Close all Edge windows and reopen with CAC inserted
• Check Smart Card service: Press Windows + R, type services.msc, find “Smart Card,” ensure it’s running
• Verify middleware: ActivClient should show in the system tray

“Your connection is not private” or Certificate Errors

This indicates missing or untrusted root certificates:

1. Run InstallRoot again as Administrator
2. Clear Edge’s browsing data: Settings → Privacy → Clear browsing data
3. Select “Cached images and files” and “Cookies”
4. Restart Edge

Edge Asks for Certificate on Every Page

Some DoD sites require certificate selection on each request. This is normal for high-security sites. However, if it’s excessive:

1. Go to edge://settings/privacy
2. Under “Security,” ensure “Use secure DNS” is configured appropriately
3. Check if your organization has group policies affecting certificate behavior

“Can’t reach this page” for DoD Sites

If Edge can’t load DoD sites at all:

• Check your internet connection
• Try the site without VPN, then with VPN (some sites require VPN)
• Verify DNS is resolving correctly: nslookup milconnect.dmdc.osd.mil
• Try a different browser to isolate if it’s Edge-specific

Using IE Mode for Legacy Sites

Some older DoD applications require Internet Explorer. Edge can emulate IE:

1. Go to edge://settings/defaultBrowser
2. Under “Internet Explorer compatibility,” enable “Allow sites to be reloaded in Internet Explorer mode”
3. Add specific sites that require IE Mode under “Internet Explorer mode pages”

When you visit these sites, Edge will render them using the IE engine while maintaining CAC functionality.

Edge Certificate Settings

Access Edge’s certificate management:

1. Go to edge://settings/privacy
2. Scroll to “Security”
3. Click “Manage certificates”
4. This opens the Windows Certificate Manager

From here you can view, import, or remove certificates. For most users, InstallRoot handles certificate management automatically.

Clearing Edge’s SSL State

If you’re experiencing persistent certificate issues after making changes:

1. Open Internet Options (search in Windows)
2. Go to the “Content” tab
3. Click “Clear SSL state”
4. Click OK and restart Edge

This clears cached SSL sessions and forces Edge to re-establish secure connections.

Edge vs Chrome for CAC

Both are Chromium-based, but Edge has advantages for DoD use:

For most DoD users, Edge is the recommended browser for CAC-enabled sites.

Quick Checklist

1. [ ] InstallRoot run as Administrator
2. [ ] DoD Root CAs visible in certmgr.msc
3. [ ] CAC reader connected and recognized
4. [ ] CAC inserted before opening Edge
5. [ ] Smart Card service running
6. [ ] Personal certificates visible in certmgr.msc
7. [ ] Test site (milConnect) loads successfully

Edge typically provides the smoothest CAC experience on Windows. If you’re having issues, the problem is usually missing certificates or a CAC reader/middleware issue rather than Edge itself.

Last updated: December 2025

About Jack Ashford

Jack Ashford is a DoD cybersecurity specialist with over 12 years supporting military IT infrastructure. He holds Security+ and CAC certifications and has worked as systems administrator for multiple DoD agencies. Jack specializes in PKI certificate management, CAC troubleshooting, and secure authentication systems, helping military personnel and contractors resolve access issues quickly.