I am having some trouble tracking down a problem with SSL Certs (specifically EV) with computers that have group policies applied.
Basically I feel that Group Policies are prohibiting IE8 from importing the certificates to show that a site has Extended Validation enabled. They are able to get to the websites and correctly show the SSL lock in IE. But they aren't able to view the 'green' address bar.
If I remove the computer from group policies and reboot, then try visiting a site, gmail.com for example, the address bar turns green and notes the extended validation.
If I then switch the computer back to a group policy it will correctly show the EV cert. But not until it is removed from group policies and can hit the website to obtain the cert and finally put back behind a group policy.
I have checked the few settings that group policies can configure but they never seem to enable what I am looking for.
I am mainly focusing in -> Computer Config -> Policies -> Windows Settings -> Security Settings -> Public Key Policies
Our environment is as follows.. Windows Server 2008 Domain / Active Directory / Group Policies. Clients are XP (sp3) and 7. IE8 is the browser in question. We do use an internet proxy (Postini) but have tested on and off the proxy and that doesn't seem to make a difference.
So I just cannot figure out what the problem is. Any help would be much appreciated. Thank you.