import Windows 2008 certificates from new sister company in different forest

Hello.

I need some guidance on how to import Windows 2008 certificates. My company is small and has a simple Win2008 R2 domain with a single root CA on Win2008 R2. We were just purchased by a large company with root and intermediate CA's, I think on Win2003 R2.

They have their own forest and I have my own forest, which are totally separate. First, we set up an MPLS dedicated T1 circuit between our two companies, and then we established a two-way domain trust. Now, we can see and access each other's servers across the MPLS.

Now, we want to trust each other's Windows certificates, but I'm not sure exactly how to do it. They have provided me with AcmeCorp.cer, AcmeCorpCA.p7b, AcmeCorp-Enterprise-CA.cer and AcmeCorp-IntermediateCA1.cer files.

I went into the Certificates MMC and see an Import option under Trusted Root Certification Autorities, Enterprise Trust, etc. But I'm not sure which certificate goes where, or if I'm even in the right place.

Thanks.
JohnValueAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James HaywoodCommented:
Import them all into Trusted Root Certification Authorities.

To deploy these certificates out to all your machines use the GPO setting:

\\computer configuration\Windows Settings\Security Settings\Public Key Polices\Trusted Publishers

Import all 4 Certs following the wizard.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnValueAuthor Commented:
Your solution worked. Thanks.

Specifically, I clicked on the "Certificates" folder under "Trusted Root Certification Authorities", right-click, "All Tasks", "Import". In the Wizard, I selected "Automatically select the certificate store based on the type of certificate" for all four certificates.
Only the AcmeCorpCA and IntermediateCA1 appeared, and only in the "Certificates" folder under "Intermediate Certification Authories". Also, to see them I had the click on each "Certificates" folder and click the refresh button.

Then I went into the Default Domain Policy and imported the certificates as you specified. The AcmeCorpCA.p7b didn't show up in the Trusted Publishers folder, though it said it was successfully imported.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.