To ensure that users do not experience denial of service when performing certificate-based authentication to DoD websites due to the system chaining to a root other than DoD Root CA 2 or ECA Root CA 2, administrators should run the newly updated FBCA cross-certificate removal tool. The tool will install the cross certificates into the Untrusted Certificate Store. The FBCA cross-certificate removal tool is available on the PKE website under the Tools section.