How do I deploy an internal certificate authority?

security windows certificate group-policy

IE7 aggressively warns about certificate failure; we have some internal sites that run over HTTPS and thus need a valid cert. We appear to have an certificate authority on the intranet that can sign SSL certs, but we have a problem: how do we mass configure desktops to trust the internal CA?

Is it possible to deploy the internal CA cert locally, via GPO?


The certificate can be distributed by group policy.

From: http://unixwiz.net/techtips/deploy-webcert-gp.html

In the Group Policy Object Editor, navigate down to: Computer Configuration

  • Windows Settings
  • Security Settings
  • Public Key Policies
  • Trusted Root Certification Authorities
  • Then right-click and select Import.

On Debian there's the pyca package for running a CA, however for all it does you basically need to know how OpenSSL's underlying CA support works.

There's always the AD CA tool, however I've found that it's only good for limited uses, perhaps have a main CA using the more capable OpenSSL based tools, then create an interim CA for the Windows stuff?

Related

How to auto-start unprivileged lxc containers?
Running a Batch File from Task Scheduler Without User being logged In
2 DSL lines...any benefit?
Best way to add HKCU keys and values for all existing users and all new users?
Best practices to block social sites
VPN server on Google Compute Engine with OpenVPN
Apache, use X-Forwarded-For for allow
Server 2008 email on Event variables
How to setup MySQL replication with minimal downtime
Debian boot to single-user mode
Sending audit logs to SYSLOG server
SSH sessions hang on shutdown/reboot