Solved

GPO setting to export Root and Intermediate Certificates to client machines?

Posted on 2014-09-30
Last Modified: 2014-10-21
Hello there,

Please advise what GPO settings I need to use to export Root and Intermediate certificates to client machines?

Thanks and Regards
0
Question by:goprasad
2 Comments
 
Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40353584
Group Policy has a predefined setting to push out root certs. Normally, intermediate certs need not be pushed - the authority reference field in the endpoint certificate allows the client to pull those as needed. However, if you really want to push those to a machine (for offline use, for example) then they are just registry keys. Import the intermediate locally, then search for its thumbprint (hash) value. For example:

[Image: Certificate] Shows the intermediate "DigiCert High Assurance CA-3" with Thumbprint selected, and

[Image: Registry] Shows the registry key that matches this certificate.

Exporting this allows you to embed it into the GPO; optionally, you can move between
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates (per-user profile certs) and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates (per-machine profile certs) by exporting in REGEDIT4 format and editing in Notepad.
0
 
Expert Comment

by:yo_bee
ID: 40353738
When you go into Computer Configuration > Windows Settings > Security Settings > Public Key Policy, do you see Intermediate Certification Authorities?

If you do, you can add the intermediate key there to push to users' computers.

http://www.techrepublic.com/blog/the-enterprise-cloud/provision-an-intermediate-certificate-through-group-policy
http://technet.microsoft.com/en-us/library/cc772491.aspx
0
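To check on a client where a pushed intermediate actually landed, the following is an added example (not code from either poster). It reads the thumbprint from an exported certificate file and tests the registry locations named in the accepted answer, plus the machine policy location, which is assumed here to be where certificates deployed through the Public Key Policies node are written. `$CerPath` is a hypothetical parameter name for the path to the exported `.cer` file.

```powershell
# Added example: report where an intermediate CA certificate is registered on this client.
# $CerPath is a hypothetical parameter: path to the exported intermediate (.cer) file.
param(
    [Parameter(Mandatory)][string]$CerPath
)

# Load the certificate and take its thumbprint (SHA-1 hash, uppercase hex, no spaces).
# The registry subkey for a certificate is named after this value.
$file  = (Resolve-Path -Path $CerPath).Path
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$thumb = $cert.Thumbprint

# Registry keys backing the "Intermediate Certification Authorities" (CA) store.
# The Policies path is an assumption of this example: the location used for
# certificates delivered by Group Policy rather than imported or merged from a .reg file.
$locations = [ordered]@{
    'Per-user'               = "HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\$thumb"
    'Per-machine'            = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\$thumb"
    'Group Policy (machine)' = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\$thumb"
}

$report = foreach ($name in $locations.Keys) {
    $key     = $locations[$name]
    $present = Test-Path -Path $key
    # A usable entry carries the encoded certificate in a binary value named Blob;
    # an empty key (for example from a truncated .reg file) is flagged separately.
    $blob    = if ($present) { Get-ItemProperty -Path $key -Name Blob -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Location   = $name
        KeyPresent = $present
        HasBlob    = [bool]$blob
        Key        = $key
    }
}

# Logical view: what the machine CA store exposes after all physical locations are combined.
$inMachineStore = Test-Path -Path "Cert:\LocalMachine\CA\$thumb"

"Subject    : $($cert.Subject)"
"Thumbprint : $thumb"
"Expires    : $($cert.NotAfter)  (expired: $($cert.NotAfter -lt (Get-Date)))"
"In Cert:\LocalMachine\CA : $inMachineStore"
$report | Format-Table -AutoSize
```

Run it after `gpupdate /force` on a test client; an entry only under the per-user key means the certificate will not be available to services or other users on that machine.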
