Certificate install via AD

I have a new Content filter I am installing on my network. In order for the content filter to filter https SSL traffic, I need to install a certificate to each computer. I would like to add this certificate to my AD instead if possible. I do have a Windows Server 2003 certificate authority in my network, but I am unsure how I would go about adding it.

My choices for downloading the certificate from the Content filter are a PKCS#12 which requires I create an export password, and a PEM certificate which is downloaded and exported from Mozilla as a .CRT X.509 certificate.

I am looking for directions on how I can allow all of my workstations in AD to trust this certificate without manually installing it to each workstation.

Once the certificate is trusted, I am assuming users will be able to browse through the content filter and see the SSL web sites they are trying to reach without getting the error message that the sites certificate cannot be trusted.

Thanks in advance
LVL 5
bcdudleyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StefanKampCommented:
In group policy management; open the GPO which applies to your computers (not users):

Computer configuration, Policies, Windows Settings, Security Settings, Public Key Policies, Trusted Root Certification Authoritý (or which applies); Import the certificate to be trusted. Done. gpupdate /force and you are good to go.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TasmantCommented:
I just would llike to add you can export your certificate with the two parts (public and private) using  PKCS#12. But you shouldn't deploy the private key part to clients computers, just the public key part.
To do this, you need to import your certificate into any client computer (use certmgr.msc).
Once done, you can export the certificate, but this time, don't export the private key part (you won't be prompted for a password, only used to protect your private key). (file extension will be .cer, instead of .pfx).
Now you can delete the certificate in the mmc.
Now,follow "StefanKamp" method to deploy the public key part into the trusted root certification authority store on your whole computers.
bcdudleyAuthor Commented:
Great answers. I was looking in the wrong place and your answers guided me to where I need to be.

The solution was implemented and is up and working now.

Thank you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.