Skip to main content

How to deploy the Private SSL root CA to a workstation with Windows Server 2012 using GPO

User-added image

Pre-requirements:

  • Windows Server 2012 with Domain Controller role
  • Trusted Root certificate file that need to be deployed

A. Steps to Import the certificate into the GPO manager

1. Login to your Domain Controller server as Administrator.

2. On Search function search for Group Policy Management .

User-added image

3. The GPO management will be opened.

4. Expand your Forest:

User-added image

5. Expand Domains under your Forest.

User-added image

6. Expand your domain - in this case HANS-DC.LOCAL .

User-added image

7. Expand Domain Controllers . Under Domain Controllers, select Default Domain Controllers Policy . Right click and select Edit .

User-added image

8. The default domain controllers policy window will be opened.

User-added image

9. Expand Policies under Computer Configuration

User-added image

11. Expand Window Settings under Policies.

User-added image

12. Expand Security Settings under Windows Settings.

User-added image

13. Expand Public Key Polices under Security Settings.

User-added image

13. Select Trusted Root Certification Authorities . Right click and select Import .

User-added image

14. The import window will be opened. Click Next to continue.

User-added image

15. Click on Browse button and select your Root CA certificate that need to be deployed. Click Open and Next.

User-added image

Click Finished. Your certificate is now being imported to the GPO manager.

B. Deploy the certificate to every workstation

1. Select Default Domain Policy under your domain name. Right click and select Edit .

User-added image

2. The Group Policy Manager window will be opened.

User-added image

3. Expand Policies under Computer Configuration.

User-added image

4. Expand Windows Settings under Policies.

User-added image

5. Under Windows Settings, expand Security Settings .

User-added image

6. Under Security Settings, expand Public Key Policies .

User-added image

7. Under Public Key Policies, select Trusted Root Certification Authorities . Right click and select Import .

User-added image

8. The import window will be opened. Click Next to continue.

User-added image

9. Click on Browse button and select your Root CA certificate that need to be deployed. Click Open and Next .

User-added image

10. Click Finish button to complete the import step.

User-added image

At this point the steps are completed. Each workstation will receive this certificate when they login to the domain.

You may also force a GPO update if a particular use cannot restart their system. The command to force GPO update is:

Drive>gpupdate /force

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use 1-800 numbers for one-touch dialing.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088