morlauskas

asked on

Rolling out SSL certificate

Hello,

I have a SonicWall firewall, and if I enable DPI-SSL it then rewrites the certificate and it doesn't match the original, so I was wondering: is there a way through Active Directory to roll out the SonicWall certificate as a trusted certificate?

Thank you

MarkieS

Yep!

Import your certificate into a new policy under:

Computer Settings, Windows Settings, Security Settings, Public Key Policies/Trusted Root Certification Authorities - right click and import.  

Then simply locate your certificate

Then link the GPO to the OU you want.

cheers
morlauskas

ASKER

I added the certificate and then enforced the policy, logged off, logged back on and tried it, and it didn't work. I checked gpedit.msc and it seems like the policy is not enforced... any ideas?
Run a RSOP (Resultant Set Of Policies) on your test PC to see if it is picking up your new policy or not.

To get a RSOP - Start Run MMC, Add/Remove SnapIn - Add and choose RSOP

Close and OK takes you back to your MMC - right-click on RSOP and Generate

You can then check the Computer Settings, Windows Settings, Security Settings, Public Key Policies/Trusted Root Certification Authorities to see if your test PC has picked up the new policy.

Gotta head home now - catch up tomorrow if no-one else can help in the meantime..

Additionally -
Enforcing the policy only means it will break through any "blocking Inheritance" you may set and it applies over the top of policies set further down the hierarchy tree.

Don't use "Enforce" unless you really need it.

On your client test PC run a "GPUPDATE /force" to get it to update its policy

cheers
Thanks for your help on it so far. I managed to create a new GPO and import the certificate, but when I do gpupdate /force, it says it's completed but it still doesn't roll it out :( What can be wrong with my Active Directory?
Have you done a RSOP?  It will show you what policies are being applied.
Yeah, it shows which policies are being applied but it doesn't show me that the certificate is being applied.
Is the policy that contains the certificate being applied?
Make sure the OU you are Linking the policy to contains COMPUTERS as it's a Computer setting we are trying to apply
No, because I can't link it to the computer OU; the reason for that is because it's the default computer that comes with AD and it doesn't go in it. I don't have an option to add a GPO to that OU. I hope you understand what I mean.
Yeah, I created a new OU, moved my computer to it, gpupdate /force my machine, then checked rsop.msc, and it worked; the certificate is there. Then I enabled DPI-SSL on my firewall and guess what :) it is still not trusting the certificate :) So it has rolled it out; I am now stuck on how do I get it to work. I downloaded the certificate from my firewall so I am guessing it should accept it.

Could it be something to do with autoenrolment? Or maybe you have some other solution?
Sorry - Certificates/SSL aren't really my thing..  AD Group Policy Deployment and SCCM I'm OK on.. ;-(

Now we have it deployed via Group Policy I reckon it might be best to ask a new question - Experts will tend to ignore a question where a thread has continued so long...

Sorry I can't help further!  I wouldn't be the best person to ask! ;-)
Thanks for your help, now I know why some of my policies weren't working :) and they will now :) Closing, and thanks for your help again.
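
A client-side check for the deployment steps discussed in this thread, as an added example that is not part of any post: it reports whether the exported certificate is in the computer's Trusted Root store, whether it arrived through Group Policy, and whether it is a CA certificate within its validity period. The `$CertPath` parameter (the file exported from the firewall) is an assumption.

```powershell
# Added example, not from the thread: verify a GPO-deployed root certificate on a client.
# $CertPath is an assumed path to the certificate file exported from the firewall.
param(
    [Parameter(Mandatory = $true)]
    [string]$CertPath
)

# Load the exported file; Windows names certificate store entries by thumbprint.
$file  = (Resolve-Path -LiteralPath $CertPath).Path
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$thumb = $cert.Thumbprint

# 1. Present in the computer's Trusted Root Certification Authorities store?
$inStore = Test-Path -Path "Cert:\LocalMachine\Root\$thumb"

# 2. Delivered by Group Policy? Policy-pushed roots are kept under the Policies key,
#    separate from certificates imported by hand on the machine.
$gpoKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$viaGpo = Test-Path -Path $gpoKey

# 3. Usable as a signing CA? The firewall re-signs server certificates with this
#    certificate's key, so the file must be a CA certificate and currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
$isCa    = [bool]($bc -and $bc.CertificateAuthority)
$now     = Get-Date
$inDates = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

if ($inStore -and -not $viaGpo) {
    Write-Warning 'Certificate is trusted but was not delivered by Group Policy (manual import?).'
}
if (-not $inStore) {
    Write-Warning 'Certificate is not in LocalMachine\Root; check OU membership and GPO link.'
}

[pscustomobject]@{
    Subject          = $cert.Subject
    Thumbprint       = $thumb
    InTrustedRoot    = $inStore
    DeliveredByGpo   = $viaGpo
    IsCaCertificate  = $isCa
    WithinValidity   = $inDates
    NotAfter         = $cert.NotAfter
}
```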