Solved

GPO setting to export Root and Intermediate Certificates to client machines?

Posted on 2014-09-30
Last Modified: 2014-10-21
Hello there,

Please advise what GPO settings I need to use to export Root and Intermediate certificates to client machines?

Thanks and Regards
Question by:goprasad
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40353584
Group Policy has a predefined setting to push out root certs. Normally, intermediate certs need not be pushed - the authority reference field in the endpoint certificate allows the client to pull those as needed. However, if you really want to push those to a machine (for offline use, for example) then they are just registry keys. Import the intermediate locally, then search for its thumbprint (hash) value. For example:

[Screenshot: Certificate] shows the intermediate "DigiCert High Assurance CA-3" with Thumbprint selected, and
[Screenshot: Registry] shows the registry key that matches this certificate.

Exporting this allows you to embed it into the GPO; optionally, you can move between
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates (per-user profile certs) and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates (per-machine profile certs) by exporting in REGEDIT4 format and editing in Notepad.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40353738
When you go into Computer Configuration > Windows Settings > Security Settings > Public Key Policy, do you see Intermediate Certification Authorities?

If you do, you can add the intermediate key there to push to users' computers.

http://www.techrepublic.com/blog/the-enterprise-cloud/provision-an-intermediate-certificate-through-group-policy
http://technet.microsoft.com/en-us/library/cc772491.aspx
0
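
To confirm on a client where a pushed intermediate actually landed, the following PowerShell script (an added example, not part of either answer) computes the thumbprint of a .cer file and checks the two registry locations named in the accepted solution, plus the machine policy location. The `$CertPath` parameter is hypothetical, and the `SOFTWARE\Policies\...` path does not appear in this thread: it is where Windows keeps certificates delivered through Public Key Policies.

```powershell
# Added example: report where an intermediate CA certificate is installed.
# Assumption: $CertPath is a .cer file (DER or Base64) of the intermediate.
param(
    [Parameter(Mandatory)] [string] $CertPath
)

$file  = (Resolve-Path -LiteralPath $CertPath).ProviderPath
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$thumb = $cert.Thumbprint   # SHA-1 thumbprint; also the registry subkey name

# A self-signed certificate is a root, not an intermediate, and belongs in the
# Trusted Root store (pushed with the predefined GPO setting), not in CA.
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning "Subject equals Issuer: this looks like a root certificate."
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)."
}

# Registry locations for the Intermediate Certification Authorities (CA) store.
# The first two are from the accepted solution; the third is the GPO location.
$base = 'Microsoft\SystemCertificates\CA\Certificates'
$locations = [ordered]@{
    'Per-user (manual or .reg)'    = "HKCU:\Software\$base\$thumb"
    'Per-machine (manual or .reg)' = "HKLM:\SOFTWARE\$base\$thumb"
    'Per-machine (Group Policy)'   = "HKLM:\SOFTWARE\Policies\$base\$thumb"
}

$report = foreach ($name in $locations.Keys) {
    $key     = $locations[$name]
    $present = Test-Path -LiteralPath $key
    $hasBlob = $false
    if ($present) {
        # A usable entry carries the certificate in a binary value named Blob.
        $prop    = Get-ItemProperty -LiteralPath $key -Name Blob -ErrorAction SilentlyContinue
        $hasBlob = $null -ne $prop
    }
    [pscustomobject]@{ Location = $name; KeyPresent = $present; HasBlob = $hasBlob; RegistryKey = $key }
}

# What the certificate API sees in the machine's CA store.
$inStore = @(Get-ChildItem Cert:\LocalMachine\CA | Where-Object Thumbprint -eq $thumb).Count -gt 0

"Subject    : $($cert.Subject)"
"Thumbprint : $thumb"
"Visible in Cert:\LocalMachine\CA : $inStore"
$report | Format-Table -AutoSize
```

An entry found only under the per-user or per-machine key was placed locally or by a registry push, while one under `Policies` came from the Public Key Policy node, which helps when auditing how an intermediate reached a machine.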
