Solved

GPO setting to export Root and Intermediate Certificates to client machines?

Posted on 2014-09-30
2
171 Views
Last Modified: 2014-10-21
Hello there,

Please advise what is the GPO settings I need to use to exported Root and Intermediate certificates to client machines?

Thanks and Regards
0
Comment
Question by:goprasad
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40353584
Group Policy has a predefined setting to push out root certs. Normally, intermediate certs need not be pushed - the authority reference field in the endpoint certificate allows the client to pull those as needed. However, if you really want to push those to a machine (for offline use, for example) then they are just registry keys. Import the intermediate locally, then search for its thumbprint (hash) value. For example;
CertificateShows the intermediate "DigiCert High Assurance CA-3" With Thumbprint selected and
RegistryShows the registry key that matches this certificate.
Exporting this allows you to embed it into the GPO; optionally, you can move between
KEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates (per-user profile certs) and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates (per-machine profile certs) by exporting in REGEDIT4 format and editing in notepad.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40353738
When you go into Computer Configuration > Windows Settings > Security Settings > Public Key Policy   do you see Intermediate Certification Authorities.

If you do you can add the intermediate key there to push to users computers.

http://www.techrepublic.com/blog/the-enterprise-cloud/provision-an-intermediate-certificate-through-group-policy
http://technet.microsoft.com/en-us/library/cc772491.aspx
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question