Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do you distribute the Root Cert from Enterprise CA?

Posted on 2011-03-02
5
Medium Priority
?
696 Views
Last Modified: 2012-05-11
In setting up a new Lync 2010 server, I discovered that we needed an internal CA.  I've set up an Enterprise Root CA on a Server 2008 Enterprise server...that seems to have gone well with no apparent issues.

I went back to the Lync install to do the cert request.  It went through the motions and automatically did the request, seeing the new CA and all looks well...but it still failed.  Apparently, I have missed some step in distributing the new Root CA cert to my domain.  Can someone point me to a resource that gives a step-by-step method to complete that item?
0
Comment
Question by:RickCurtis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 35019301
not hard enough to bother with a guide, seriously :)

the main method is group policy - just go into your domain's group policy object and locate Computer Configuration-->Windows Settings-->Security Settings-->Public Key Policies-->Trusted Root Certification Authorities and insert your root CA there. all workstations subject to the policy should get the certificate next time they update.
0
 

Author Comment

by:RickCurtis
ID: 35019613
I created a new GPO to handle this.  There's no settings to edit there...that folder is blank.  Same in my Default Domain policy.  What exactly do you mean by "insert your root CA there"?
0
 

Author Comment

by:RickCurtis
ID: 35019638
OK...I think I know part of this.  Apparently you do an import...but where do I "get" the file to import?
0
 

Author Comment

by:RickCurtis
ID: 35019835
Found this part on my own...

You browse to your CA server
http://yourcertserver/certsrv

from there you can download the cert file & then do the import.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35026120
yes, your ca certificate is exported in order to import - use pem or der format, without secret key (so a CER file)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question