It looks like this has been out for some time but this is the first time I’ve encountered a server configured for it. Essentially, the network engineers removed all of the trusted CAs from the “Trusted Root Certification Authorities” tab except for ones they needed and DoDI 8520.2 ECA vendors. Why was this a problem you ask? Well, the developer who was administrating the server needed to connect to our webserver from the remote server in the datacenter to retrieve files to update the server. Our SSL certificate was from a non ECA vendor hence the company certificate wasn’t trusted. Clearly this isn’t just for client side certs (or at least that’s how the datacenter folks interpreted it!)

Couple of useful links:
http://www.identrust.com/certificates/eca/

http://iase.disa.mil/pki/eca/