Deploying a Self-Signed Root Certificate with Group Policy
- To get a copy of the certificate into a file so that it can be imported into Group Policy, click View Certificate. The certificate is displayed.
- Select the Details tab and then click Copy to File.
- Select Cryptographic Message Syntax Standards (PKCS #7) as the file format and then click Next.
- When prompted for a filename, enter a name with the .p7b extension.
- Copy the file to the Windows Server with the Group Policy Management.
Deploying the Certificate with Group Policy
- Launch the Group Policy Manager and navigate to the object that corresponds too the policy on which the certificate will be used. I prefer the Default Domain Policy because there is no need to deploy this certificate through the entire enterprise. Right click on the selected object and select Edit.
- Select Computer Configuration > Windows Settings >Security Settings >Public Key Policies.
- Right-click the Trusted Root Certification Authorities folder and then select Import.
- In the Certificate Import Wizard, browse to the location of the certificate file you saved to this server and then click Next. The Certificate Store screen displays.
- Click NEXT and then click Finish to import the certificate. It now appears in the Group Policy object. The next time a user logs in, these settings will be applied and the certificate will be trusted by Internet Explorer.