How to get all IE's in the domain to trust a certificate on a web enabled box on the intranet

Posted on 2010-01-08
Last Modified: 2012-05-08
I have a few devices on my internal network that operate over https for their configuration. When I connect to it with IE 7 or 8 it presents the certificate error screen. I can always continue to the site and make my configuration changes but I want IE to trust the cert. I know that I can import the cert to my computer, but I want this to be trusted by all comps in the domain. I have a CA for our domain on a Server 2003 box. Certificates and CA's are an area that I am not as knowledgeable as I would like to be. What can I do to get our comps to trust these devices? Is there a way to get the certificate that was issued by the vendor that is currently with the device to be trusted?
Question by:knada242
    LVL 5

    Accepted Solution

    You'll have to set up a root trust in a GPO:

    LVL 8

    Assisted Solution

    You have 2 options: Generate a cert for the device(s) that's issued by your Enterprise CA (must be Enterprise, not Stand-Alone) or add the self-signed cert from each device to every machine via GPO.

    To generate a cert from the device, you will need to first generate a Certificate Request on the device.  It needs to be a Base-64-encoded certificate request (CMC or PKCS #10 or PKCS #7). Your vendor can help you with that.  It will look like about 20 lines of random text, usually exported to a text file.  Go to http://yourCAserver/certsrv. Click the following:  Request a Certificate -> Advanced Certificate Request -> Submit a Certificate Request by using...   Then paste in the entire text from the file (I've attached an example request file)
    LVL 8

    Expert Comment

    oops.  hit enter.. DOH!

    Select the Web Server template and click submit.  It will process your Cert request and allow you to download the certificate.  Take the resulting file and apply it to your device, using your vendor's instructions.

    You can also add a Self-Signed cert to all computers via GPO (Computer->Windows Settings->Security Settings->Public Key Policies) Import the cert into Enterprise Trust (or is it Trusted Root Certificate Authorities?  one of those...)
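
Before choosing between the two options in the answers above (a certificate from the Enterprise CA, or pushing the device's self-signed certificate by GPO), it helps to inspect what the device actually presents. The following is an added example, not code from anyone in this thread: the helper name `Test-DeviceCert` and the host name `device01.corp.example` are hypothetical, and the sample certificate is constructed in memory rather than taken from a real device. It assumes PowerShell on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example. Test-DeviceCert is a hypothetical helper name.
function Test-DeviceCert {
    param([Parameter(Mandatory)][X509Certificate2]$Cert, [string]$HostName)

    $bc         = $Cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $selfSigned = $Cert.Subject -eq $Cert.Issuer
    $caFlag     = [bool]($bc -and $bc.CertificateAuthority)
    # First DNS name from the SAN, or the CN when there is no SAN (no wildcard handling).
    $dnsName    = $Cert.GetNameInfo([X509NameType]::DnsName, $false)
    $rsaKey     = [RSACertificateExtensions]::GetRSAPublicKey($Cert)   # $null for non-RSA keys

    $advice = if (-not $selfSigned) {
        'Issued by another CA: the trust decision is about the issuer certificate, not this one.'
    } elseif ($caFlag) {
        'Self-signed with CA flag: as a trusted root, certificates signed by the device key chain to it too. Prefer a cert from the Enterprise CA.'
    } else {
        'Self-signed without CA flag: the GPO import covers this one certificate and must be repeated on renewal.'
    }

    [pscustomobject]@{
        Subject      = $Cert.Subject
        Issuer       = $Cert.Issuer
        SelfSigned   = $selfSigned
        CaFlag       = $caFlag
        NameMatches  = $HostName -and ($dnsName -eq $HostName)
        Expired      = $Cert.NotAfter -lt (Get-Date)
        RsaKeyBits   = if ($rsaKey) { $rsaKey.KeySize } else { $null }
        SignatureAlg = $Cert.SignatureAlgorithm.FriendlyName
        Thumbprint   = $Cert.Thumbprint
        Advice       = $advice
    }
}

# Constructed sample: an in-memory self-signed cert with the CA flag set, standing in for a device cert.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=device01.corp.example', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$sample = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddYears(1))

Test-DeviceCert -Cert $sample -HostName 'device01.corp.example' | Format-List
```

To check a real device, export its certificate from the browser to a `.cer` file and pass `[X509Certificate2]::new('<path to exported .cer>')` as `-Cert`, with the name you type into IE as `-HostName`.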
