Solved

How do you distribute the Root Cert from Enterprise CA?

Posted on 2011-03-02
5
676 Views
Last Modified: 2012-05-11
In setting up a new Lync 2010 server, I discovered that we needed an internal CA.  I've set up an Enterprise Root CA on a Server 2008 Enterprise server...that seems to have gone well with no apparent issues.

I went back to the Lync install to do the cert request.  It went through the motions and automatically did the request, seeing the new CA and all looks well...but it still failed.  Apparently, I have missed some step in distributing the new Root CA cert to my domain.  Can someone point me to a resource that gives a step-by-step method to complete that item?
0
Comment
Question by:RickCurtis
  • 3
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 35019301
not hard enough to bother with a guide, seriously :)

the main method is group policy - just go into your domain's group policy object and locate Computer Configuration-->Windows Settings-->Security Settings-->Public Key Policies-->Trusted Root Certification Authorities and insert your root CA there. all workstations subject to the policy should get the certificate next time they update.
0
 

Author Comment

by:RickCurtis
ID: 35019613
I created a new GPO to handle this.  There's no settings to edit there...that folder is blank.  Same in my Default Domain policy.  What exactly do you mean by "insert your root CA there"?
0
 

Author Comment

by:RickCurtis
ID: 35019638
OK...I think I know part of this.  Apparently you do an import...but where do I "get" the file to import?
0
 

Author Comment

by:RickCurtis
ID: 35019835
Found this part on my own...

You browse to your CA server
http://yourcertserver/certsrv

from there you can download the cert file & then do the import.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35026120
yes, your ca certificate is exported in order to import - use pem or der format, without secret key (so a CER file)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
A procedure for exporting installed hotfix details of remote computers using powershell
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question