• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 704
  • Last Modified:

How do you distribute the Root Cert from Enterprise CA?

In setting up a new Lync 2010 server, I discovered that we needed an internal CA.  I've set up an Enterprise Root CA on a Server 2008 Enterprise server...that seems to have gone well with no apparent issues.

I went back to the Lync install to do the cert request.  It went through the motions and automatically did the request, seeing the new CA and all looks well...but it still failed.  Apparently, I have missed some step in distributing the new Root CA cert to my domain.  Can someone point me to a resource that gives a step-by-step method to complete that item?
0
RickCurtis
Asked:
RickCurtis
  • 3
  • 2
1 Solution
 
Dave HoweSoftware and Hardware EngineerCommented:
not hard enough to bother with a guide, seriously :)

the main method is group policy - just go into your domain's group policy object and locate Computer Configuration-->Windows Settings-->Security Settings-->Public Key Policies-->Trusted Root Certification Authorities and insert your root CA there. all workstations subject to the policy should get the certificate next time they update.
0
 
RickCurtisAuthor Commented:
I created a new GPO to handle this.  There's no settings to edit there...that folder is blank.  Same in my Default Domain policy.  What exactly do you mean by "insert your root CA there"?
0
 
RickCurtisAuthor Commented:
OK...I think I know part of this.  Apparently you do an import...but where do I "get" the file to import?
0
 
RickCurtisAuthor Commented:
Found this part on my own...

You browse to your CA server
http://yourcertserver/certsrv

from there you can download the cert file & then do the import.
0
 
Dave HoweSoftware and Hardware EngineerCommented:
yes, your ca certificate is exported in order to import - use pem or der format, without secret key (so a CER file)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now