How can I push Virginia Tech Root CA cert via Active Directory?
Author: Zeb Bowden (zbowden@vt.edu) Version: 1.0 Step 0: On a machine you will push the Virginia Tech Root CA cert to, browse to https://ra.eprov.iad.vt.edu and make sure you get an SSL warning saying the certificate was issued by a company you haven’t chosen to trust. Step 1: Get Root CA cert from http://www.pki.vt.edu/ (Click install Virginia Tech Root CA Certificate, then download the certificate in CER or CRT format) Step 2: Create a new Group Policy Object either as a domain level policy or on a particular OU. We suggest starting out with an OU with a limited number of non-production workstations accounts. Step 3: 1. Edit your new GPO: Navigate to Computer Configuration->Windows Settings->Security Settings->Public Key Policies. 2. Right click Trusted Root CA’s and select All Tasks and then Import. (This will bring up a Certificate Import Wizard.) 3. Click Next, and then browse to the certificate file you downloaded in Step 1. 4. Click Next. 5. Click next again (you want this certi
Author: Zeb Bowden (zbowden@vt.edu) Version: 1.0 Step 0: On a machine you will push the Virginia Tech Root CA cert to, browse to https://ra.eprov.iad.vt.edu and make sure you get an SSL warning saying the certificate was issued by a company you haven’t chosen to trust. Step 1: Get Root CA cert from http://www.pki.vt.edu/ (Click install Virginia Tech Root CA Certificate, then download the certificate in CER or CRT format) Step 2: Create a new Group Policy Object either as a domain level policy or on a particular OU. We suggest starting out with an OU with a limited number of non-production workstations accounts. Step 3: 1. Edit your new GPO: Navigate to Computer Configuration->Windows Settings->Security Settings->Public Key Policies. 2. Right click Trusted Root CA’s and select All Tasks and then Import. (This will bring up a Certificate Import Wizard.) 3. Click Next, and then browse to the certificate file you downloaded in Step 1. 4. Click Next. 5. Click next again (you want this certi