Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GPO setting to export Root and Intermediate Certificates to client machines?

Posted on 2014-09-30
2
Medium Priority
?
190 Views
Last Modified: 2014-10-21
Hello there,

Please advise what is the GPO settings I need to use to exported Root and Intermediate certificates to client machines?

Thanks and Regards
0
Comment
Question by:goprasad
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40353584
Group Policy has a predefined setting to push out root certs. Normally, intermediate certs need not be pushed - the authority reference field in the endpoint certificate allows the client to pull those as needed. However, if you really want to push those to a machine (for offline use, for example) then they are just registry keys. Import the intermediate locally, then search for its thumbprint (hash) value. For example;
CertificateShows the intermediate "DigiCert High Assurance CA-3" With Thumbprint selected and
RegistryShows the registry key that matches this certificate.
Exporting this allows you to embed it into the GPO; optionally, you can move between
KEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates (per-user profile certs) and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates (per-machine profile certs) by exporting in REGEDIT4 format and editing in notepad.
0
 
LVL 24

Expert Comment

by:yo_bee
ID: 40353738
When you go into Computer Configuration > Windows Settings > Security Settings > Public Key Policy   do you see Intermediate Certification Authorities.

If you do you can add the intermediate key there to push to users computers.

http://www.techrepublic.com/blog/the-enterprise-cloud/provision-an-intermediate-certificate-through-group-policy
http://technet.microsoft.com/en-us/library/cc772491.aspx
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question