Solved

Mass Addition of CA to Trusted CA List in Internet Explorer

Posted on 2007-11-19
Last Modified: 2013-12-08
Ok, I've recently set up my company's own CA. I'm in the process of implementing a Citrix server and have chosen to use a Direct to Server deployment using SSL and so on.

The question I have is this. Is there a way via GPO or some other means for me to add my server certificate to Internet Explorer's Trusted CA List without having to do it one at a time for every machine? I went through the GPO settings for Internet Explorer and nothing really jumped out at me. I also was unable to find an existing solution.

Thanks for any help.
0
Question by:Haze0830
7 Comments
 
LVL 12

Accepted Solution

by:
Phil_Agcaoili earned 250 total points
ID: 20318478
Here are a couple of approaches:

(1) You can create a group policy object and import this certificate into "Computer Settings\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities".  Link the GPO at the domain level to have it apply to all computers in the organization.

(2) You can set up a certification authority on your SBS server, deploy the CA certificate via GPO as described above, and re-sign your web site certificate with the CA.  Installing Certificate Services is somewhat complicated, but it can be convenient to centralize (and mostly automate) the process of issuing and revoking certificates.

0
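A client-side check for the GPO approach in the accepted answer, added here as an example and not part of the original thread: it confirms that the file being published is a CA certificate rather than a server certificate, that it matches a thumbprint read on the CA itself, and that the machine received it through Group Policy. The parameter names `CaFile` and `ExpectedThumbprint` are assumptions of this example.

```powershell
# Added example: verify a GPO-distributed root CA on a domain-joined client.
param(
    [Parameter(Mandatory = $true)][string]$CaFile,             # exported CA certificate (.cer)
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # read on the CA itself, out of band
)

$ca   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# 1. The file is the certificate you meant to publish, not a look-alike.
if ($ca.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($ca.Thumbprint)"
}

# 2. It is a CA certificate. A server (end-entity) certificate does not
#    belong in Trusted Root Certification Authorities.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "Basic Constraints CA flag is not set: $($ca.Subject)"
}
if ($ca.Subject -ne $ca.Issuer) {
    Write-Warning 'Issuer differs from subject: this is an intermediate CA, not a root.'
}

# 3. It is inside its validity period.
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "Certificate is outside its validity period ($($ca.NotBefore) to $($ca.NotAfter))"
}

# 4. Report whether this machine trusts it, and whether Group Policy delivered it.
#    GPO-deployed roots are stored under the Policies key; manual imports are not.
$tp = $ca.Thumbprint
[pscustomobject]@{
    Subject                = $ca.Subject
    Thumbprint             = $tp
    NotAfter               = $ca.NotAfter
    InMachineRootStore     = Test-Path "Cert:\LocalMachine\Root\$tp"
    DeliveredByGroupPolicy = Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$tp"
}
```

A newly linked GPO shows up here only after the next policy refresh on the client (`gpupdate /force` triggers one).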
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20326835
Haze0830,

I'm a bit confused about your intent here.  I'm assuming that you are deploying your Citrix Server for EXTERNAL users' access?  In that case creating a GPO won't do any good because you don't have control over their remote computer to be able to install anything, including an SSL certificate.  If you want to avoid the need for the user to do anything then you must use a 3rd Party Certificate which uses a CA that's already trusted by IE.  Also, if you are not using a 3rd Party Certificate on an SBS then you don't want to use Certificate Services because the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email) will create the self-signed certificate automatically.

You can get an inexpensive 3rd party certificate that would work for this purpose though.  GoDaddy has them for $20.00 and instructions for installing it on your SBS can be found at http://sbsurl.com/ssl

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:Haze0830
ID: 20327345
They're connecting via laptops that also double as their in-house workstations. Thanks for the response though. I've got it all straightened out.
0
 
LVL 2

Author Comment

by:Haze0830
ID: 20327355
Also, that link you provided is dead.
0
 
LVL 12

Expert Comment

by:Phil_Agcaoili
ID: 20331158
Here's the GoDaddy site: https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979
You'll want the Standard SSL package.

At the bottom of the page are the FAQs.
You will want the "How do I install my Web Server Certificate?" link.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20332749
I've fixed the link so it works now.

"They're connecting via laptops that also double as their in-house workstations"

If that's the case, then you definitely don't need a 3rd Party Certificate, and my comment still stands.  If you had run the CEICW and properly joined those laptops to the domain using http://<servername>/connectcomputer then the domain's self-signed certificate would have been installed automatically.  It seems as though you are just making much more work for yourself than is necessary.

If you didn't join them using ConnectComputer you would correct that by following the steps I've outlined here:
http://sbsurl.com/rejoin

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:Haze0830
ID: 20337806
Right. I had already figured that out for myself. The certs were installed as a trusted CA automatically as they should have been. Initially I had tested the installation with non-domain PCs and had to manually add the certs.
0
