Solved

Rolling out SSL certificate

Posted on 2010-09-21
Last Modified: 2012-05-10
Hello,

I have a SonicWall firewall, and if I enable DPI-SSL it rewrites the certificate and it doesn't match the original, so I was wondering: is there a way through Active Directory to roll out the SonicWall certificate as a trusted certificate?

Thank you

Question by:morlauskas
14 Comments
 
LVL 8

Expert Comment

by:MarkieS
ID: 33725812
Yep!

Import your certificate into a new policy under:

Computer Settings, Windows Settings, Security Settings, Public Key Policies/Trusted Root Certification Authorities - right click and import.  

Then simply locate your certificate

Then link the GPO to the OU you want.

cheers
0
 

Author Comment

by:morlauskas
ID: 33726040
I added the certificate and then enforced the policy, logged off, logged back on and tried it, and it didn't work. I checked gpedit.msc and it seems like the policy is not enforced... any ideas?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 33726095
Run a RSOP (Resultant Set Of Policies) on your test PC to see if it is picking up your new policy or not.

To get a RSOP - Start Run MMC, Add/Remove SnapIn - Add and choose RSOP

Close and OK takes you back to your MMC - right-click on RSOP and Generate

You can then check Computer Settings, Windows Settings, Security Settings, Public Key Policies/Trusted Root Certification Authorities to see if your test PC has picked up the new policy.

Gotta head home now - catch up tomorrow if no-one else can help in the meantime..

0

 
LVL 8

Expert Comment

by:MarkieS
ID: 33726128
Additionally -
Enforcing the policy only means it will break through any "Block Inheritance" you may set, and it applies over the top of policies set further down the hierarchy tree.

Don't use "Enforce" unless you really need it.

On your client test PC run "GPUPDATE /force" to get it to update its policy.

cheers
0
 

Author Comment

by:morlauskas
ID: 33726421
Thanks for your help on it so far. I managed to create a new GPO and import the certificate, but when I do gpupdate /force, it says it's completed but it still doesn't roll it out :( What can be wrong with my Active Directory?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 33732979
Have you done a RSOP?  It will show you what policies are being applied.
0
 

Author Comment

by:morlauskas
ID: 33733008
Yeah, it shows which policies are being applied, but it doesn't show me that the certificate is being applied.
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 33733022
Is the policy that contains the certificate being applied?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 33733034
Make sure the OU you are linking the policy to contains COMPUTERS, as it's a Computer setting we are trying to apply.
0
 

Author Comment

by:morlauskas
ID: 33733037
No, because I can't link it to the computer OU. The reason for that is because it's the default computer one that comes with AD, and it doesn't go in it. I don't have an option to add a GPO to that OU. I hope you understand what I mean.
0
 
LVL 8

Accepted Solution

by:
MarkieS earned 2000 total points
ID: 33733083
OK - We're getting somewhere.

For Group Policy to work there are two sections: Computer settings and User settings.

If you have a GPO that has COMPUTER settings in it, and you apply it to an OU that contains Users - nothing will happen.
If you have a GPO that has USER settings in it, and you apply it to an OU that contains Computers - nothing will happen.
(In order to make this work you have to use Loopback but ... don't go there for now!)

So you need COMPUTER settings applied to Computers and USER settings applied to users.

So you need to apply your GPO to the OU which contains the Computer account you want this to work on.

In Active Directory Users and Computers - Go to View, Advanced - does this help?

Can you move your Computer Account in Active Directory to another OU you can manage?

0
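An added example, not part of the original thread: a PowerShell check, run on the test client, of the three things this answer and the earlier RSOP advice turn on (where the computer account lives, whether the certificate reached the Group Policy root store, and which computer GPOs applied). The certificate path is a hypothetical placeholder for wherever the firewall's exported certificate was saved.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on
# the domain-joined test client, after "gpupdate /force".
# Assumption: $CertPath points at the certificate file exported from the firewall.
param([string]$CertPath = 'C:\Temp\firewall-dpi-ssl.cer')   # hypothetical path

# 1. Find the computer account's distinguished name. A GPO can be linked to an
#    OU (OU=...), but not to the default "Computers" container (CN=Computers).
$searcher = [adsisearcher]"(&(objectCategory=computer)(name=$env:COMPUTERNAME))"
$result   = $searcher.FindOne()
if (-not $result) { throw "No computer object found for $env:COMPUTERNAME in AD." }
$dn     = [string]$result.Properties['distinguishedname'][0]
$parent = ($dn -split '(?<!\\),', 2)[1]          # DN with the leading CN=<name> removed

# 2. Load the exported certificate and look for its thumbprint in
#    (a) the registry store that Group Policy writes trusted roots to, and
#    (b) the effective machine Trusted Root store that Windows consults.
$cert      = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$thumb     = $cert.Thumbprint
$policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$inPolicy  = Test-Path $policyKey
$inRoot    = [bool](Get-ChildItem Cert:\LocalMachine\Root |
                    Where-Object { $_.Thumbprint -eq $thumb })

# 3. Summarise. ParentIsOU = False means the account is still in a container
#    where no GPO link can reach it, which is the situation in this thread.
[pscustomobject]@{
    ComputerDN        = $dn
    ParentIsOU        = $parent -like 'OU=*'
    CertSubject       = $cert.Subject
    CertThumbprint    = $thumb
    InGroupPolicyRoot = $inPolicy
    InEffectiveRoot   = $inRoot
} | Format-List

# 4. List the GPOs applied to the computer (the command-line view of RSOP).
#    The GPO holding the certificate should appear under "Applied Group Policy Objects".
gpresult /r /scope computer
```

If `InEffectiveRoot` is true but `InGroupPolicyRoot` is false, the certificate was imported by hand on that machine rather than delivered by the GPO.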
 

Author Comment

by:morlauskas
ID: 33733149
Yeah, I created a new OU, moved my computer to it, ran gpupdate /force on my machine, then checked rsop.msc and it worked: the certificate is there. Then I enabled DPI-SSL on my firewall and guess what :) it is still not trusting the certificate :) So it has rolled it out; I am now stuck on how to get it to work. I downloaded the certificate from my firewall, so I am guessing it should accept it.

Could it be something to do with autoenrollment? Or maybe you have some other solution?
0
 
LVL 8

Expert Comment

by:MarkieS
ID: 33733223
Sorry - Certificates/SSL aren't really my thing. AD Group Policy Deployment and SCCM I'm OK on.. ;-(

Now we have it deployed via Group Policy, I reckon it might be best to ask a new question - Experts will tend to ignore a question where a thread has continued so long...

Sorry I can't help further! I wouldn't be the best person to ask! ;-)
0
 

Author Comment

by:morlauskas
ID: 33733261
Thanks for your help, now I know why some of my policies weren't working :) and they will now :) Closing, and thanks for your help again.
0

Question has a verified solution.
