  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

How to get all IE's in the domain to trust a certificate on a web enabled box on the intranet

I have a few devices on my internal network that operate over https for their configuration. When I connect to it with IE 7 or 8 it presents the certificate error screen. I can always continue to the site and make my configuration changes but I want IE to trust the cert. I know that I can import the cert to my computer, but I want this to be trusted by all comps in the domain. I have a CA for our domain on a Server 2003 box. Certificates and CA's are an area that I am not as knowledgeable as I would like to be. What can I do to get our comps to trust these devices? Is there a way to get the certificate that was issued by the vendor that is currently with the device to be trusted?
Asked by: knada242
2 Solutions
 
rparsons1000Commented:
You'll have to set up a root trust in a GPO:

http://unixwiz.net/techtips/deploy-webcert-gp.html

0
 
cyberlopez6Commented:
You have 2 options: Generate a cert for the device(s) that's issued by your Enterprise CA (must be Enterprise, not Stand-Alone) or add the self-signed cert from each device to every machine via GPO.

To generate a cert from the device, you will need to first generate a Certificate Request on the device.  It needs to be a Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7). Your vendor can help you with that.  It will look like about 20 lines of random text, usually exported to a text file.  Go to http://yourCAserver/certsrv. Click the following:  Request a Certificate -> Advanced Certificate Request -> Submit a Certificate Request by using...   Then paste in the entire text from the file (I've attached an example request file).
certreq.txt
0
 
cyberlopez6Commented:
oops.  hit enter.. DOH!

Select the Web Server template and click submit.  It will process your Cert request and allow you to download the certificate.  Take the resulting file and apply it to your device, using your vendor's instructions.

You can also add a Self-Signed cert to all computers via GPO (Computer->Windows Settings->Security Settings->Public Key Policies). Import the cert into Enterprise Trust (or is it Trusted Root Certificate Authorities?  one of those...)
0
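A pre-import check for the self-signed option discussed above, as an added example that is not part of the original thread: it pulls the certificate a device actually presents, summarises the fields that matter before the cert is pushed to every machine by GPO, and saves it as a `.cer` file for the import. The host name `device.example.internal`, the output path and the function names are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Host name and output path are placeholders.
$DeviceHost = 'device.example.internal'
$OutFile    = Join-Path $PWD 'device.cer'

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the device presents: it is being fetched for inspection, not trusted.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Get-CertificateSummary {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $bc  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }  # basicConstraints
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
    New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        SelfIssued = ($Cert.Subject -eq $Cert.Issuer)   # heuristic: subject equals issuer
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        AltNames   = if ($san) { $san.Format($false) } else { '(none)' }
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
    }
}

$cert = Get-RemoteCertificate -HostName $DeviceHost
$info = Get-CertificateSummary -Cert $cert
$info | Format-List

# A CA-capable cert in a domain-wide root store lets whoever holds the device's
# private key issue certificates that every domain machine will accept.
if ($info.IsCA) { Write-Warning 'CA flag is set: prefer a cert issued by your own CA.' }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }

# DER-encoded copy for the GPO import under Public Key Policies.
[System.IO.File]::WriteAllBytes($OutFile, $cert.Export('Cert'))
```

Compare the printed thumbprint with the one shown on the device's own console or admin page before importing the file. IE will still warn if the name typed in the address bar does not match the Subject or AltNames shown here.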
