deploy a trusted certificate through out the domain

I want to start using ssl on my pop3 and smtp server I am creating my own cert as there are only 10 of us that use this email server and I don't want to pay for a trusted cert yearly when we don't have that many users. I can already see the little window coming up every time I do a send and recieve in outlook asking if I want to trust the cert trying to be used, I don't want to go add the issuer one by one in the internet explorer options, so how do I use my domain controller to tell all the machines that the certificate is trusted? Deploy this as a trusted cert without going to each machine one by one?
LVL 5
brady1408Asked:
Who is Participating?
 
NopiusConnect With a Mentor Commented:
I'm not a master in Windows.
For manual installation of root certificate on every client, read: http://support.microsoft.com/kb/297681/en-us

Also this link may be helpful 'HOW TO: Change the Policy Settings for a Certification Authority (CA) in Windows 2000' http://support.microsoft.com/kb/313234/en-us

But again, I'm not as good in Windows as in Unix, probably someome else have more experience.
0
 
brady1408Author Commented:
okay with outlook 2003 aparently you only have to accept it once but still if I want to use express or any secure webpages using the cert I will have to add it.
0
 
NopiusCommented:
I don't know how to 'push' trusted certificate to every machine. I recommend you to deploy root CA server.
Then you need to add only one server certificate to each client as a trusted 'root' authority, then every
 certificate signed by this server will be smoothly accepted by many standard Windows applications.

How to deploy CA service, read in Windows help 'Installing and configuring a certification authority'.
Also this link may be helpful: http://support.microsoft.com/?kbid=271386 (HOW TO: Install a Windows 2000 Certificate Services Offline Root Certificate Authority)
0
 
brady1408Author Commented:
so it doesn't matter if I deploy a root CA server or if I get a root CA from CAcerts it should work the same and I will still have to go and add the root to every machine
0
 
brady1408Author Commented:
I'm sorry I haven't had time to persue this more or I would have accepted an answer by now.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.