GPO: Deploy a certificate

Presentation

In this tutorial, we will see how to deploy a certificate on computers using a GPO.

Some cases where you may need to distribute a certificate:

  • Internal Certification Authority
  • Appliance certificate for SSL filtering
  • Self-signed web server / rds certificate

Deploy a certificate by Group Policy

Export certificate

Operation to be performed on the server where the certificate is installed with the private key.

1. Open the Certificate Management MMC on the local computer and go to the store where the certificate is stored.

2. Select certificate 1, right click on it and go to All Tasks 2 > Export … 3.

MMC certificate

3. When the wizard opens, click Next 1.

export Wizard

4. Select No, do not export private key 1 then click Next 2.

Export sans cle privee

5. Select one of the two X.509 formats 1 and click the Next button 2.

Format du certificat

The certificate must be with the extension .cer

6. Click the Browse button … 1.

Export location

7. Choose folder 1, enter the name of file 2 and press Save 3.

Nom du fichier

8. Validate the path and file name 1 and click Next 2.

Valider l'emplacement

9. Click the Finish button 1 to close the wizard.

Fermer l'assistant

10. Check the creation of the file.

Certificat exporter

11. Place the certificate in a location accessible by your domain control.

Emplacement accessible

Creating the Policy (GPO) to Deploy a Certificate

1. Open the Group Policy Management Console.

2. Right-click on OU 1 then click on Create a GPO in this area, and link it here … 2.

Nouvelle stratégie pour déployer un certificat

3. Name strategy 1 and click OK 2.

Nom de la stratégie

4. Right-click on Strategy 1 and click Edit … 2.

Editer la stratégie

5. Go to the Trusted Root Certification Authorities 1 setting found in: Computer Configuration> Policies> Windows Settings> Security Settings> Public Key Policy. Right click 2 and click Import 3.

Paramètre pour importer un certificat

6. When launching the wizard, click on Next 1.

Assistant d'importation

7. Click Browse … 1.

Cliquer sur parcourrir

8. Go to file location 1, select certificate 2 and click Open 3.

Sélectionner le fichier

9. Back on the wizard click Next 1.

Passer à l'étape suivante

10. Not being able to select the store, click Next 1.

Validate the store

11. Click Finish 1 to import the certificate.

Close the wizard to start the import

12. Click OK 1 to confirm the import.

Import successful

13. The imported certificate should be displayed at Parameters 1.

Visible certificate

14. Settings of the strategy:

GPO summary

Validation

1. Restart your client computer.

2. Log in to the computer.

3. Open the certificate management MMC on the local computer and go to Trusted Root Certification Authority 1 and check for the presence of certificate 2.

Certificate on the client workstation



Leave a Comment