[Last Call] Learn how to a build a cloud-first strategyRegister Now


deploy a trusted certificate through out the domain

Posted on 2006-05-18
Medium Priority
Last Modified: 2008-05-30
I want to start using ssl on my pop3 and smtp server I am creating my own cert as there are only 10 of us that use this email server and I don't want to pay for a trusted cert yearly when we don't have that many users. I can already see the little window coming up every time I do a send and recieve in outlook asking if I want to trust the cert trying to be used, I don't want to go add the issuer one by one in the internet explorer options, so how do I use my domain controller to tell all the machines that the certificate is trusted? Deploy this as a trusted cert without going to each machine one by one?
Question by:brady1408
  • 3
  • 2

Author Comment

ID: 16713871
okay with outlook 2003 aparently you only have to accept it once but still if I want to use express or any secure webpages using the cert I will have to add it.
LVL 27

Expert Comment

ID: 16714807
I don't know how to 'push' trusted certificate to every machine. I recommend you to deploy root CA server.
Then you need to add only one server certificate to each client as a trusted 'root' authority, then every
 certificate signed by this server will be smoothly accepted by many standard Windows applications.

How to deploy CA service, read in Windows help 'Installing and configuring a certification authority'.
Also this link may be helpful: http://support.microsoft.com/?kbid=271386 (HOW TO: Install a Windows 2000 Certificate Services Offline Root Certificate Authority)

Author Comment

ID: 16735875
so it doesn't matter if I deploy a root CA server or if I get a root CA from CAcerts it should work the same and I will still have to go and add the root to every machine
LVL 27

Accepted Solution

Nopius earned 2000 total points
ID: 16738613
I'm not a master in Windows.
For manual installation of root certificate on every client, read: http://support.microsoft.com/kb/297681/en-us

Also this link may be helpful 'HOW TO: Change the Policy Settings for a Certification Authority (CA) in Windows 2000' http://support.microsoft.com/kb/313234/en-us

But again, I'm not as good in Windows as in Unix, probably someome else have more experience.

Author Comment

ID: 16984651
I'm sorry I haven't had time to persue this more or I would have accepted an answer by now.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question