Solved

How do you distribute the Root Cert from Enterprise CA?

Posted on 2011-03-02
5
684 Views
Last Modified: 2012-05-11
In setting up a new Lync 2010 server, I discovered that we needed an internal CA.  I've set up an Enterprise Root CA on a Server 2008 Enterprise server...that seems to have gone well with no apparent issues.

I went back to the Lync install to do the cert request.  It went through the motions and automatically did the request, seeing the new CA and all looks well...but it still failed.  Apparently, I have missed some step in distributing the new Root CA cert to my domain.  Can someone point me to a resource that gives a step-by-step method to complete that item?
0
Comment
Question by:RickCurtis
  • 3
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 35019301
not hard enough to bother with a guide, seriously :)

the main method is group policy - just go into your domain's group policy object and locate Computer Configuration-->Windows Settings-->Security Settings-->Public Key Policies-->Trusted Root Certification Authorities and insert your root CA there. all workstations subject to the policy should get the certificate next time they update.
0
 

Author Comment

by:RickCurtis
ID: 35019613
I created a new GPO to handle this.  There's no settings to edit there...that folder is blank.  Same in my Default Domain policy.  What exactly do you mean by "insert your root CA there"?
0
 

Author Comment

by:RickCurtis
ID: 35019638
OK...I think I know part of this.  Apparently you do an import...but where do I "get" the file to import?
0
 

Author Comment

by:RickCurtis
ID: 35019835
Found this part on my own...

You browse to your CA server
http://yourcertserver/certsrv

from there you can download the cert file & then do the import.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35026120
yes, your ca certificate is exported in order to import - use pem or der format, without secret key (so a CER file)
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question