[TUTO] – Certificate: How to deploy a root certificate by GPO


In this tutorial we will see how to deploy a root certificate by GPO (Group Policy Object). For me, it is one of the quickest and easiest ways to deploy your certificates across your Active Directory domain. We will focus on deploying certificates to the “Trusted Root Certification Authorities” store, but this tutorial also works for other stores such as:

  • Intermediate Certification Authorities
  • Trusted Publishers
  • Untrusted Certificates
  • etc…

Some documentation on the GPO: https://technet.microsoft.com/fr-fr/library/ee390965(v=vs.85).aspx


Note: This tutorial was made under an Active Directory 2016 environment


Open the “Group Policy Management” console, create a new GPO, and then edit it.

You are now in the “Group Policy Management Editor” console. Go to:

  • Computer Configuration
    • Policies
      • Windows Settings
        • Security Settings
          • Local Policies
            • Public Key Policies


Click on “Trusted Root Certification Authorities” and then “Import…”.


Click “Next”.


Click “Browse…”, then select the certificate that you want to deploy.


Click “Next”.


Check that the certificate will be placed in the “Trusted Root Certification Authorities” store, and then click “Next”.


Click “Finish” to end the import.


Now you just have to link your GPO to an OU that contains your servers or user workstations.
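Because every machine in the OU will trust anything this root signs, it is worth checking the file before the import and confirming the result on a client afterwards. The script below is an added example, not part of the original tutorial; the function names and the file path are hypothetical, and it assumes Windows PowerShell 5 or later.

```powershell
# Added example: pre-import and post-deployment checks for a GPO-deployed root.
function Test-RootCertificateFile {
    param([Parameter(Mandatory)][string]$Path)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $now  = Get-Date

    # The Basic Constraints extension states whether this is a CA certificate.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }

    # SHA-256 over the DER encoding, to compare with the value published by the CA owner.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $sha256 = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
    $sha.Dispose()

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint          # SHA-1, used as the store key
        Sha256     = $sha256
        # Name comparison only; this does not verify the signature.
        SelfIssued = ($cert.Subject -eq $cert.Issuer)
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        ValidNow   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        NotAfter   = $cert.NotAfter
    }
}

function Test-RootCertificateDeployed {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Roots pushed by Group Policy live under the Policies hive, separate from
    # certificates that were imported locally on the machine.
    $policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$Thumbprint"

    [pscustomobject]@{
        InPolicyStore  = Test-Path -Path $policyKey
        InLogicalStore = Test-Path -Path "Cert:\LocalMachine\Root\$Thumbprint"
    }
}

# Usage (constructed path; replace with the file you import in the wizard):
# $info = Test-RootCertificateFile -Path 'C:\Temp\root-ca.cer'
# gpupdate /force        # run on a client in the linked OU
# Test-RootCertificateDeployed -Thumbprint $info.Thumbprint
```

A root that shows `InLogicalStore` as true but `InPolicyStore` as false was installed by some means other than this GPO.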


Founder of sys-Advisor.com. Passionate above all, I share my day-to-day through this site. #sysadmin #microsoft #vmware #tech #geek @sysadvisor


