GPO: Deploy a certificate


In this tutorial, we will see how to deploy a certificate on computers using a GPO.

Some cases where you may need to distribute a certificate:

  • Internal Certification Authority
  • Appliance certificate for SSL filtering
  • Self-signed web server / rds certificate


Export certificate

Operation to be performed on the server where the certificate is installed with the private key.

1. Open the Certificate Management MMC on the local computer and go to the store where the certificate is stored.

2. Select certificate 1, right click on it and go to All Tasks 2 > Export … 3.
Console MMC certificat

3. When the wizard opens, click Next 1.
Assistant export

4. Select No, do not export private key 1 then click Next 2.
Export sans cle privee

5. Select one of the two X.509 formats 1 and click the Next button 2.
Format du certificat

6. Click the Browse button … 1.
Emplacement export

7. Choose folder 1, enter the name of file 2 and press Save 3.
Nom du fichier

8. Validate the path and file name 1 and click Next 2.
Valider l'emplacement

9. Click the Finish button 1 to close the wizard.
Fermer l'assistant

10. Check the creation of the file.
Certificat exporter

11. Place the certificate in a location accessible by your domain control.
Emplacement accessible

Creating the Policy (GPO) to Deploy a Certificate

1. Open the Group Policy Management Console.

2. Right-click on OU 1 then click on Create a GPO in this area, and link it here … 2.
Nouvelle stratégie pour déployer un certificat

3. Name strategy 1 and click OK 2.
Nom de la stratégie

4. Right-click on Strategy 1 and click Edit … 2.
Editer la stratégie

5. Go to the Trusted Root Certification Authorities 1 setting found in: Computer Configuration> Policies> Windows Settings> Security Settings> Public Key Policy. Right click 2 and click Import 3.
Paramètre pour importer un certificat

6. When launching the wizard, click on Next 1.
Assistant d'importation

7. Click Browse … 1.
Cliquer sur parcourrir

8. Go to file location 1, select certificate 2 and click Open 3.
Sélectionner le fichier

9. Back on the wizard click Next 1.
Passer à l'étape suivante

10. Not being able to select the store, click Next 1.
Valider le magasin

11. Click Finish 1 to import the certificate.
Fermer l'assistant pour lancer l'import

12. Click OK 1 to confirm the import.
Import réussi

13. The imported certificate should be displayed at Parameters 1.
Certificat visible

14. Settings of the strategy:
Résumé de la GPO


1. Restart your client computer.

2. Log in to the computer.

3. Open the certificate management MMC on the local computer and go to Trusted Root Certification Authority 1 and check for the presence of certificate 2.
Certificat sur le poste client

Related Posts

GPO: deploy msi applications

Presentation In this article, we will see how to deploy applications in MSI format using Group Policy (GPO). There are two deployment modes : Assigned: Applies mainly to computers, program installatio

GPO: Installing the FusionInventory Agent

Introduction Following the many messages I can see on the forum concerning the installation of the Agent FusionInventory, I will explain how I have been doing for several years. In this article, I'll

GPO: Run a script when the computer starts

Presentation In this article, we will see how to set up a script that runs at startup of the post using Group Policy (GPO). The advantage of using this type of script is that it is executed with the A

Scroll to Top