FAST Authentication Support Toolkit (FAST) Updated 24 March 2016

FAST Authentication Support Toolkit (FAST) is an enterprise automation solution that facilitates the secure PKI deployment of clients and servers within a non-publically routed enclave. Utlizing approved DoD HTTPS server (microsoft http.sys - IIS) and OpenSSL applications, this application-based secure file server and local Certificate Authority (CA) hosts the necessary files and services required to facilitate setup of secure PKI environments such as: TLS over AS-SIP telephony systems, routers & switches, and other non-publically routed infrastructure devices and servers.

FAST Links

The table below lists the various links and their uses. Be sure that you are using HTTPS and port 37306 for all of the links below.

/ The page you are currently on, this is the only page that is accessible without SSL.
/test Simple text output for testing the webserver from a console.
Plain-text, export of the requested DISA public CA key.
/disaca Plain-text, combined export of all DISA public CA keys.
/localca Plain-text export of the local certificate authorities public key.
/text-keygen Creates a new locally-signed public/private key pair. The public key is saved under PKI/issued and the private key is destroyed immediately with built-in secure file overwrite procedures. This is a plain-text output.
/web-keygen Performs the same operations as the text-keygen via a web page, which also includes any certificate authority public keys. This is a generic key generator that may be used for other equipment at your site that is authorized to use certificates signed by a local CA.
/text-keygen-private Same as /text-keygen, but only returns the private key. Future requests can call /text-keygen-public to get the matching public key. *You must call /text-keygen-private first*
/text-keygen-public Returns the plain-text public key for the requesting device (by IP address) after /text-keygen-private has already been called.
/*.xml Returns an empty TEO config file to prevent errors.

FAST Directory Structure

The table below lists the directories within FAST and their uses.

VoIP Solution/ Folder This container contains the batch file that launches the program, as well as, the whitelist for the HTTPS server. The application will only serve content explicitly listed in the whitelist text document located in this directory.
VoIP Solution/PKI Folder

This container is comprised of two sub-directories: "internal" and "issued". The "internal" directory is built during initial launch of the application and retains both the Public and Private key of the Certificate Authority. For this reason, it is not permitted to launch the application from a publically accessible location. The "issued" directory is also built during initial launch of the application and serves as a repository (as well as a log) of all issued public keys.

IMPORTANT: If at any point there is a suspected compromise to the Certificate Authority:

  1. Ensure the application is closed,
  2. Delete the "PKI" folder in its entirety,
  3. Re-launch the application.

This will destroy the Certificate Authority and necessitate a re-key of your entire PKI system before and new devices can be brought online. This act alone will not cause a disruption to services; HOWEVER, use extreme caution when re-keying your system to minimize disruption to services.

VoIP Solution/assets Folder This container is utilized to host static HTTPS content that administrators need to accomplish their duties. This HTTPS server will only serve content explicitly listed in the whitelist text document located in the root directory. Administrators must be updated this document accordingly or the contents of the "assets" folder will be inaccessible.
For the Nerds The VoIP Solution/bin container is comprised of the necessary .dll files, openssl.exe, openssl.conf, and the powershell script which launches the application, as well as, the HTTPS server. Any manipulation of this directory could affect the certification of the overall function of the application. Modifications to this directory are not supported by the developer.

Points of Contact

Organization: 373 TRS/Det 6 (AETC)
Robins AFB, GA
Developer: MSgt Jeff McCoy 💻
Infrastructure SMEs: Scarberry, Gabriel R (Gabe) MSgt USAF 960 COG (US) 
Lewis, Robert D TSgt USAF 982 TG (US)