Re: Deploying Root Cert via GPO

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx>
• Date: Sun, 28 Aug 2005 23:06:02 +0400

---

My guess would be: everything is ok, because via IE you access your user
certificate store, and by mmc, you are accessing current computer's
certificate store. Since you've imported the cert to computer store, it
shows up there, but doesn't show up in the user store.

--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services


"ECEE" <eltonchew@xxxxxxxxxxx> wrote in message
news:1125047690.991020.151880@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> We are trying to push out a trusted root cert using GPO so that user
> can bypass the security prompt when accessing a website protected by a
> certificate issued by the above root cert.
> This is how we approach and test:
>
> 1.Create a new GPO and apply to the server OU.
>
> 2.Under Machine Configuration | Windows Settings | Security Settings |
> Public Key Policies | Trusted Root Certificate Authorities, we imported
> the root certification desired for the bunch of servers.
>
> 3.Logon to one of the server under this GPO scope and perform a
> gpupdate.
>
> 4.Browse into the certificate store via Internet Explorer | Tools |
> Internet Options | Contents | Certificates | Trusted Root Certificate
> Authorities... The imported root cert in "2" CANNOT be found.
>
> 5. Browse into the certificate store using Certificate snapin via mmc.
> Browse under Trusted Root Cerfification Authorities... The imported
> root cert in "2" CAN be found
>
> We have a Windows 2000 AD and the servers in scope are Windows 2003.
>
> Any idea what went wrong?
>
> Thanks in advance
>


.

---

• Follow-Ups:
  • Re: Deploying Root Cert via GPO
    • From: ECEE

• References:
  • Deploying Root Cert via GPO
    • From: ECEE

• Prev by Date: shutdown script and closing network connections
• Next by Date: Re: Adding users to the local groups
• Previous by thread: Deploying Root Cert via GPO
• Next by thread: Re: Deploying Root Cert via GPO
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Certificates with Makecert.exe ... Installing CA root cert on client machines, ... > Would there be any limitation to the ammount of users that> I could distribute this certificate to, and the ammount of> users that would be able to be verified against the private> certificate I create on the server? ... >>If you take care of the trusted root cert on client machine. ... (microsoft.public.inetserver.iis.security) Re: IPSECL2TP issue ... All clients have a copy of the root cert, ... >If you double click the certificate what does it say ... Does client PC trust this ... >> such a user that would be honored by the RAS server. ... (microsoft.public.win2000.security) Re: Validate SSL server certificate?? ... The client must install root-certificate and ca-certificate of server ... WebClient.c I get the server's certificate with QueryContextAttributes, ... a certificate store (CertOpenStore to create a memory store, ... how do I present this memory store to CertGetCertificateChain in such ... (microsoft.public.platformsdk.security) Validate SSL server certificate?? ... computer running a web server or anything like that) ... perform some validation on the certificate returned by the server, ... I get the SSL connection established OK. ... a certificate store (CertOpenStore to create a memory store, ... (microsoft.public.platformsdk.security) Re: OWA, SSL and Certificate question. ... They'll need the root cert in their local ... >have both the server and the clients in the same AD ... certificate authority. ... (microsoft.public.exchange.misc)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.group_policy  > 2005-08