Pushing a root certificate to clients with Active Directory

These instructions are a short guide and should always be verified against the Microsoft Windows documentation. Depending on which version of Windows is used, they may be outdated.

Perform these steps to push a root certificate to the clients with Active Directory:

  1. Open Active Directory Users and Computers.
  2. Right-click the OU (Organizational Unit) where the client computers are located (or an OU above the clients) and select Properties.
  3. On the Properties page, create a new Group Policy Object (or reuse an existing one). Select it and click Edit.
  4. In the Group Policy Object Editor, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.
  5. Right-click Trusted Root Certification Authorities and select Import….
  6. In the wizard, select the root certificate (it is important that it is the root certificate and not the SSL certificate). The root certificate can be downloaded from the certificate services web console.
  7. Close the Group Policy Object Editor. The users may have to restart their machines in order for the certificate to be distributed.
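
Step 6 depends on importing the root certificate rather than the SSL certificate, and step 7 on the certificate actually reaching the clients. The PowerShell below is an added example, not part of the original guide, that checks both. The function names, the constructed in-memory certificates and the placeholder file path are assumptions for illustration; it assumes PowerShell 7 or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example, not part of the original guide. Function names are hypothetical.
function Test-RootCaCertificate {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    # A root certificate is self-issued: subject and issuer encode to the same bytes.
    $subject = [Convert]::ToBase64String($Certificate.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($Certificate.IssuerName.RawData)
    # It also carries Basic Constraints with CA = TRUE; an SSL server certificate does not.
    $bc   = $Certificate.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        SelfIssued = ($subject -ceq $issuer)
        IsCA       = $isCa
        IsRootCA   = ($subject -ceq $issuer) -and $isCa
    }
}

function Test-RootDeployed {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Run on a client: looks for the certificate in the computer's Trusted Root store.
    [bool](Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $Thumbprint)
}

# Constructed sample data: an in-memory root CA and an SSL certificate issued by it.
$now = [DateTimeOffset]::UtcNow
$rootReq = [CertificateRequest]::new('CN=Constructed Example Root CA', [RSA]::Create(2048),
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$rootReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$root = $rootReq.CreateSelfSigned($now, $now.AddDays(30))

$sslReq = [CertificateRequest]::new('CN=www.example.test', [RSA]::Create(2048),
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$ssl = $sslReq.Create($root, $now, $now.AddDays(7), [byte[]](1, 2, 3, 4))

# Compare the IsRootCA column for the two constructed certificates.
Test-RootCaCertificate -Certificate $root
Test-RootCaCertificate -Certificate $ssl

# For a downloaded file (placeholder path):
# Test-RootCaCertificate -Certificate ([X509Certificate2]::new('C:\path\to\root.cer'))
```

Run Test-RootDeployed on a client after Group Policy has refreshed, passing the thumbprint reported for the root certificate file.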