Pushing SSL Certificates – Windows

You can push SSL certificates to client computers by using Group Policy in an Active Directory or another server environment.

Note: This procedure requires membership in Domain Admins, Enterprise Admins, or the equivalent in Active Directory Domain Services (AD DS).

Follow these steps to distribute SSL certificates to client computers using Group Policy:

  1. On a domain controller in the forest of the account partner organization, click Start, point to Administrative Tools, and then click Group Policy Management.
  2. Find an existing Group Policy object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.
  3. Right-click the GPO, and then click Edit.
  4. In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.
  5. On the Welcome to the Certificate Import Wizard page, click Next.
  6. On the File to Import page, type the path to the appropriate certificate files (for example, \\adfsresource\c$\adfsresource.cer), and then click Next.
  7. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
  8. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.
  9. Repeat steps 2 through 6 to add additional certificates for each of the AD DS servers.
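
A certificate imported into Trusted Root Certification Authorities is trusted by every computer the GPO applies to, so it is worth confirming the file's identity before step 4 and confirming delivery afterwards. The following PowerShell is an added example, not part of the original procedure; the thumbprint is a placeholder, the function names are hypothetical, and the registry path is the location where Windows stores policy-distributed root certificates.

```powershell
# Added example. $ExpectedThumbprint is a placeholder: obtain the real value
# from the certificate's owner over a separate channel before trusting the file.
$CerPath            = '\\adfsresource\c$\adfsresource.cer'   # example path from step 6
$ExpectedThumbprint = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>'

function Test-CertificateBeforeImport {
    param([string]$Path, [string]$Expected)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # Basic Constraints tells us whether the certificate may act as a CA.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $now = Get-Date
    [pscustomobject]@{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        ThumbprintMatch = ($cert.Thumbprint -eq ($Expected -replace '\s', ''))
        InValidity      = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        NotAfter        = $cert.NotAfter
        # Name comparison only; this does not verify the signature itself.
        SelfSigned      = ($cert.Subject -eq $cert.Issuer)
        IsCA            = [bool]($bc -and $bc.CertificateAuthority)
        SignatureAlg    = $cert.SignatureAlgorithm.FriendlyName
    }
}

function Test-CertificateOnClient {
    param([string]$Thumbprint)
    $t = ($Thumbprint -replace '\s', '').ToUpper()
    [pscustomobject]@{
        # Present in the computer's effective Trusted Root store.
        InRootStore = Test-Path "Cert:\LocalMachine\Root\$t"
        # Present in the policy-delivered store, i.e. it arrived through the GPO.
        FromPolicy  = Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$t"
    }
}

# Before step 4, on the machine where the GPO is edited:
if (Test-Path $CerPath) {
    Test-CertificateBeforeImport -Path $CerPath -Expected $ExpectedThumbprint
}
# On a client computer, after Group Policy has refreshed (gpupdate /force):
Test-CertificateOnClient -Thumbprint $ExpectedThumbprint
```

Import only when ThumbprintMatch and InValidity are both True; on the client, InRootStore without FromPolicy means the certificate reached the store by some route other than this GPO.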