import Windows 2008 certificates from new sister company in different forest

Posted on 2012-03-22
Last Modified: 2012-03-23
Hello.

I need some guidance on how to import Windows 2008 certificates. My company is small and has a simple Win2008 R2 domain with a single root CA on Win2008 R2. We were just purchased by a large company with root and intermediate CAs, I think on Win2003 R2.

They have their own forest and I have my own forest, which are totally separate. First, we set up an MPLS dedicated T1 circuit between our two companies, and then we established a two-way domain trust. Now, we can see and access each other's servers across the MPLS.

Now, we want to trust each other's Windows certificates, but I'm not sure exactly how to do it. They have provided me with AcmeCorp.cer, AcmeCorpCA.p7b, AcmeCorp-Enterprise-CA.cer and AcmeCorp-IntermediateCA1.cer files.

I went into the Certificates MMC and see an Import option under Trusted Root Certification Authorities, Enterprise Trust, etc. But I'm not sure which certificate goes where, or if I'm even in the right place.

Thanks.
Question by:JohnValue
Accepted Solution

by:
James Haywood earned 500 total points
ID: 37756177
Import them all into Trusted Root Certification Authorities.

To deploy these certificates out to all your machines use the GPO setting:

\\computer configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers

Import all 4 Certs following the wizard.
Author Closing Comment

by:JohnValue
ID: 37757131
Your solution worked. Thanks.

Specifically, I clicked on the "Certificates" folder under "Trusted Root Certification Authorities", right-click, "All Tasks", "Import". In the Wizard, I selected "Automatically select the certificate store based on the type of certificate" for all four certificates.
Only the AcmeCorpCA and IntermediateCA1 appeared, and only in the "Certificates" folder under "Intermediate Certification Authorities". Also, to see them I had to click on each "Certificates" folder and click the refresh button.

Then I went into the Default Domain Policy and imported the certificates as you specified. The AcmeCorpCA.p7b didn't show up in the Trusted Publishers folder, though it said it was successfully imported.
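An added example, not part of the original thread: a PowerShell function that reads the supplied `.cer` and `.p7b` files, sorts each certificate by role (self-signed CA certificates to the `Root` store, CA certificates issued by another CA to the Intermediate `CA` store, anything else to no trust store) and lists thumbprints to confirm with the issuing company before anything is trusted. The function name `Get-CaImportPlan` and its `-Install` switch are hypothetical; the file names in the usage comment are the ones given in the question.

```powershell
# Added example: classify each certificate and pick the machine store that
# matches its role. Nothing is installed unless -Install is given.
function Get-CaImportPlan {
    param(
        [Parameter(Mandatory = $true)][string[]]$Path,
        [switch]$Install   # needs an elevated session
    )
    $ns = 'System.Security.Cryptography.X509Certificates'
    foreach ($file in $Path) {
        # Import() reads single .cer files and PKCS#7 (.p7b) bundles alike.
        $certs = New-Object "$ns.X509Certificate2Collection"
        $certs.Import((Resolve-Path $file).ProviderPath)

        foreach ($c in $certs) {
            # Basic Constraints (OID 2.5.29.19) states whether this is a CA certificate.
            # Assumption: a certificate without the extension is treated as non-CA.
            $isCA = $false
            $ext = $c.Extensions['2.5.29.19']
            if ($ext) {
                $bc = New-Object "$ns.X509BasicConstraintsExtension" ($ext, $ext.Critical)
                $isCA = $bc.CertificateAuthority
            }
            # Subject equal to issuer (compared on the encoded names) marks a root.
            $selfIssued = [BitConverter]::ToString($c.SubjectName.RawData) -eq
                          [BitConverter]::ToString($c.IssuerName.RawData)

            if (-not $isCA)      { $store = $null }    # end-entity: not a trust anchor
            elseif ($selfIssued) { $store = 'Root' }   # Trusted Root Certification Authorities
            else                 { $store = 'CA' }     # Intermediate Certification Authorities

            if ($Install -and $store) {
                $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
                $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite
                $s = New-Object "$ns.X509Store" ($store, $location)
                $s.Open($flags); $s.Add($c); $s.Close()
            }
            New-Object PSObject -Property @{
                File = $file; Store = $store; Subject = $c.Subject
                Thumbprint = $c.Thumbprint; NotAfter = $c.NotAfter
            }
        }
    }
}

# Usage (run from the folder holding the files; review the plan before adding -Install):
# Get-CaImportPlan -Path AcmeCorp.cer, AcmeCorpCA.p7b, AcmeCorp-Enterprise-CA.cer, AcmeCorp-IntermediateCA1.cer |
#     Format-Table Store, Subject, Thumbprint -AutoSize
```

A certificate reported with an empty `Store` is not a CA certificate and is left out of the trust stores by this function.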