Solved

How do you distribute the Root Cert from Enterprise CA?

Posted on 2011-03-02
5
671 Views
Last Modified: 2012-05-11
In setting up a new Lync 2010 server, I discovered that we needed an internal CA.  I've set up an Enterprise Root CA on a Server 2008 Enterprise server...that seems to have gone well with no apparent issues.

I went back to the Lync install to do the cert request.  It went through the motions and automatically did the request, seeing the new CA and all looks well...but it still failed.  Apparently, I have missed some step in distributing the new Root CA cert to my domain.  Can someone point me to a resource that gives a step-by-step method to complete that item?
0
Comment
Question by:RickCurtis
  • 3
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 35019301
not hard enough to bother with a guide, seriously :)

the main method is group policy - just go into your domain's group policy object and locate Computer Configuration-->Windows Settings-->Security Settings-->Public Key Policies-->Trusted Root Certification Authorities and insert your root CA there. all workstations subject to the policy should get the certificate next time they update.
0
 

Author Comment

by:RickCurtis
ID: 35019613
I created a new GPO to handle this.  There's no settings to edit there...that folder is blank.  Same in my Default Domain policy.  What exactly do you mean by "insert your root CA there"?
0
 

Author Comment

by:RickCurtis
ID: 35019638
OK...I think I know part of this.  Apparently you do an import...but where do I "get" the file to import?
0
 

Author Comment

by:RickCurtis
ID: 35019835
Found this part on my own...

You browse to your CA server
http://yourcertserver/certsrv

from there you can download the cert file & then do the import.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35026120
yes, your ca certificate is exported in order to import - use pem or der format, without secret key (so a CER file)
0

Featured Post

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now