How to deploy the Private SSL root CA to a workstation with Windows Server 2012 using GPO
Pre-requirements:
- Windows Server 2012 with Domain Controller role
- Trusted Root certificate file that need to be deployed
A. Steps to Import the certificate into the GPO manager
1. Login to your Domain Controller server as Administrator.
2. On Search function search for Group Policy Management .
3. The GPO management will be opened.
4. Expand your Forest:
5. Expand Domains under your Forest.
6. Expand your domain - in this case HANS-DC.LOCAL .
7. Expand Domain Controllers . Under Domain Controllers, select Default Domain Controllers Policy . Right click and select Edit .
8. The default domain controllers policy window will be opened.
9. Expand Policies under Computer Configuration
11. Expand Window Settings under Policies.
12. Expand Security Settings under Windows Settings.
13. Expand Public Key Polices under Security Settings.
13. Select Trusted Root Certification Authorities . Right click and select Import .
14. The import window will be opened. Click Next to continue.
15. Click on Browse button and select your Root CA certificate that need to be deployed. Click Open and Next.
Click Finished. Your certificate is now being imported to the GPO manager.
B. Deploy the certificate to every workstation
1. Select Default Domain Policy under your domain name. Right click and select Edit .
2. The Group Policy Manager window will be opened.
3. Expand Policies under Computer Configuration.
4. Expand Windows Settings under Policies.
5. Under Windows Settings, expand Security Settings .
6. Under Security Settings, expand Public Key Policies .
7. Under Public Key Policies, select Trusted Root Certification Authorities . Right click and select Import .
8. The import window will be opened. Click Next to continue.
9. Click on Browse button and select your Root CA certificate that need to be deployed. Click Open and Next .
10. Click Finish button to complete the import step.
At this point the steps are completed. Each workstation will receive this certificate when they login to the domain.
You may also force a GPO update if a particular use cannot restart their system. The command to force GPO update is:
Drive>gpupdate /force
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use 1-800 numbers for one-touch dialing.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
| Country | Number |
| Australia |
0011 - 800-3687-7863
1-800-767-513 |
| Austria | 00 - 800-3687-7863 |
| Belgium | 00 - 800-3687-7863 |
| Denmark | 00 - 800-3687-7863 |
| Finland |
990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet) |
| France | 00 - 800-3687-7863 |
| Germany | 00 - 800-3687-7863 |
| Hong Kong |
001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax) |
| Ireland | 00 - 800-3687-7863 |
| Israel | 014 - 800-3687-7863 |
| Italy | 00 - 800-3687-7863 |
| Japan |
001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
| Korea |
001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom) |
| Malaysia | 00 - 800-3687-7863 |
| Netherlands | 00 - 800-3687-7863 |
| New Zealand |
00 - 800-3687-7863
0800-4413101 |
| Norway | 00 - 800-3687-7863 |
| Singapore | 001 - 800-3687-7863 |
| Spain | 00 - 800-3687-7863 |
| Sweden |
00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2) |
| Switzerland | 00 - 800-3687-7863 |
| Taiwan | 00 - 800-3687-7863 |
| United Kingdom |
00 - 800-3687-7863
0800 121 6078 +44 (0) 118 953 3088 |