daveaths
asked on
push out p12 certificate to computers on windows 2008 domain
trying to eliminate some administrative overhead here...
Have a client that we exchange information with (via web based portal) using a certificate that they have provided to our company. We have incorporated this functionality into another web based application.
When we import the .p12 certificate they provided manually on a computer, everything works fine, however we have been trying to get it to push out using a domain policy rather than manually installing this thing on every computer, and when it expires, repeating the process.
Efforts to add it to the domain policy editor under
> computer configuration/windows settings/Public Key Policies/Trusted Root Certification Authorities
results in it effectively not being installed (though looking on the computer it is there, the web page simply does not display because the certificate is not there... catch 22).
Manually going to a computer and importing the certificate, everything works as expected.
Thoughts, ideas, something I am misunderstanding?
Have a client that we exchange information with (via web based portal) using a certificate that they have provided to our company. We have incorporated this functionality into another web based application.
When we import the .p12 certificate they provided manually on a computer, everything works fine, however we have been trying to get it to push out using a domain policy rather than manually installing this thing on every computer, and when it expires, repeating the process.
Efforts to add it to the domain policy editor under
> computer configuration/windows settings/Public Key Policies/Trusted Root Certification Authorities
results in it effectively not being installed (though looking on the computer it is there, the web page simply does not display because the certificate is not there... catch 22).
Manually going to a computer and importing the certificate, everything works as expected.
Thoughts, ideas, something I am misunderstanding?
Try setting "Certificate Services Client - Auto-Enrollment" to Enabled
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.