In this tutorial we will see how to deploy a root certificate by GPO (Group Policy Object). For me, it is one of the quickest and easiest ways to deploy your certificates in your enterprise Active Directory domain. We will focus on deploying certificates to the “Trusted Root Certification Authorities” store, but this tutorial also works for other stores such as:
- Intermediate Certification Authorities
- Trusted Publishers
- Untrusted Certificates
- etc…
Some documentation on the GPO: https://technet.microsoft.com/fr-fr/library/ee390965(v=vs.85).aspx
Note: This tutorial was made under an Active Directory 2016 environment
Open the “Group Policy Management” console, create a new GPO, and then edit it.
In the “Group Policy Management Editor” console, go to:
- Computer Configuration
- Policies
- Windows Settings
- Security Settings
- Local Policies
- Public Key Policies
Click on “Trusted Root Certification Authorities” and then “Import…”.
Click “Next”.
Click “Browse…”, then select the certificate that you want to deploy.
Check that the certificate will be placed in the “Trusted Root Certification Authorities” store, then click “Next”.
Click “Finish” to end the import.
Now you just have to link your GPO to an OU that contains your servers or user workstations.
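To check the result on a machine in that OU, the PowerShell script below inspects the certificate file and then confirms that it reached the computer's root store through Group Policy. It is an added example, not part of the original tutorial; the `.cer` path is a placeholder, and the registry location used is the one where Windows keeps certificates delivered by policy.

```powershell
# Added example. $CerPath is a placeholder (assumption): point it at the
# same .cer file that was imported into the GPO.
param(
    [string]$CerPath = 'C:\Temp\MyRootCA.cer'
)

# Load the certificate and take its thumbprint (store entries are keyed by it).
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
$thumb = $cert.Thumbprint

# Properties worth reviewing before a certificate is trusted domain-wide.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
[pscustomobject]@{
    Subject      = $cert.Subject
    Thumbprint   = $thumb
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)          # expected for a root
    IsCA         = [bool]($bc -and $bc.CertificateAuthority) # basicConstraints CA flag
    Expired      = ($cert.NotAfter -lt (Get-Date))
    SignatureAlg = $cert.SignatureAlgorithm.FriendlyName
} | Format-List

# Re-apply computer policy so the new GPO is processed now.
gpupdate /target:computer /force | Out-Null

# 1. Is the certificate visible in the effective machine root store?
$inStore = Test-Path "Cert:\LocalMachine\Root\$thumb"

# 2. Did it arrive through Group Policy? Policy-delivered certificates are
#    stored under the Policies hive, separate from locally installed ones.
$policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$fromGpo   = Test-Path $policyKey

[pscustomobject]@{
    InLocalMachineRoot = $inStore
    DeliveredByGpo     = $fromGpo
} | Format-List

if ($inStore -and -not $fromGpo) {
    Write-Warning 'Certificate is trusted but was not delivered by policy (installed locally?).'
} elseif (-not $inStore) {
    Write-Warning 'Certificate not found: check the GPO link, scope and security filtering (gpresult /r).'
}
```

Recording the thumbprint from the first table at import time gives a fixed value to compare against when auditing machines later.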