GPO: Deploy a certificate

Presentation

In this tutorial, we will see how to deploy a certificate on computers using a GPO.

Some cases where you may need to distribute a certificate:

  • Internal Certification Authority
  • Appliance certificate for SSL filtering
  • Self-signed web server / RDS certificate

Implementation

Export certificate

Perform this operation on the server where the certificate is installed with its private key.

1. Open the Certificate Management MMC on the local computer and go to the store where the certificate is stored.

2. Select the certificate (1), right-click it and go to All Tasks (2) > Export … (3).
Certificate MMC console

3. When the wizard opens, click Next (1).
Export wizard

4. Select No, do not export the private key (1), then click Next (2).
Export without the private key

5. Select one of the two X.509 formats (1) and click the Next button (2).
Certificate format

6. Click the Browse … button (1).
Export location

7. Choose the folder (1), enter the file name (2) and click Save (3).
File name

8. Check the path and file name (1) and click Next (2).
Validate the location

9. Click the Finish button (1) to close the wizard.
Close the wizard

10. Check that the file has been created.
Exported certificate

11. Place the certificate in a location accessible from your domain controller.
Accessible location

Creating the Policy (GPO) to Deploy a Certificate

1. Open the Group Policy Management Console.

2. Right-click the OU (1), then click Create a GPO in this domain, and Link it here … (2).
New policy to deploy a certificate

3. Name the policy (1) and click OK (2).
Policy name

4. Right-click the policy (1) and click Edit … (2).
Edit the policy

5. Go to the Trusted Root Certification Authorities (1) setting found in: Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies. Right-click it (2) and click Import (3).
Setting for importing a certificate

6. When the wizard starts, click Next (1).
Import wizard

7. Click Browse … (1).
Click Browse

8. Go to the file location (1), select the certificate (2) and click Open (3).
Select the file

9. Back in the wizard, click Next (1).
Go to the next step

10. The store cannot be changed at this step; click Next (1).
Validate the store

11. Click Finish (1) to import the certificate.
Close the wizard to start the import

12. Click OK (1) to confirm the import.
Import successful

13. The imported certificate should be displayed in the setting (1).
Certificate visible

14. Policy settings:
GPO summary

Validation

1. Restart your client computer.

2. Log in to the computer.

3. Open the certificate management MMC on the local computer, go to Trusted Root Certification Authorities (1) and check for the presence of the certificate (2).
Certificate on the client computer
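
A scripted version of the validation steps above, as an added example that is not part of the original tutorial: it checks that the exported file carries no private key, and that the client's Trusted Root store holds the same certificate and received it through Group Policy rather than a manual import. The function name and the share path are hypothetical; the registry location is where Windows writes certificates deployed through Public Key Policies.

```powershell
# Added example (not from the original tutorial). Run on a client after the GPO has applied.
function Test-GpoRootCertificate {
    param(
        # Path to the .cer file produced by the export wizard.
        [Parameter(Mandatory)][string]$CerPath
    )

    # Resolve to a full path first: .NET does not follow the PowerShell location.
    $fullPath = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath
    $thumb = $cert.Thumbprint

    # Basic Constraints says whether this is a CA certificate or an end-entity one
    # (for example a self-signed web server or RDS certificate).
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }

    # Certificates imported under Public Key Policies land in the machine policy hive,
    # keyed by thumbprint. A manually imported certificate is not stored here.
    $policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $thumb
        NotAfter         = $cert.NotAfter
        # Must be False: the file placed on the share should be public-only.
        HasPrivateKey    = $cert.HasPrivateKey
        IsCA             = [bool]($bc -and $bc.CertificateAuthority)
        # Name comparison only; the signature is not verified here.
        SubjectIsIssuer  = ($cert.Subject -eq $cert.Issuer)
        Expired          = ((Get-Date) -gt $cert.NotAfter)
        # The logical Root store includes certificates delivered by Group Policy.
        InLocalRootStore = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$thumb"
        DeliveredByGpo   = Test-Path -LiteralPath $policyKey
    }
}

# Hypothetical share path; replace it with the location chosen in the export procedure.
Test-GpoRootCertificate -CerPath '\\dc01.example.local\share\internal-root.cer'
```

If InLocalRootStore is True but DeliveredByGpo is False, the certificate reached the client some other way than this GPO, so it will not be removed when the policy is unlinked.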

