I recently updated the cert on my storage array – still a self-signed one, but one that had all the correct info. I manually added the cert to my local Windows machine and I was able to connect to the array without any of the silly prompts. But how could I add that cert for everyone else? A few quick Google searches were not that helpful. But here is what I figured out, and it works.
I used the Default Domain policy object as I wanted everyone to have this cert.
I clicked on the white space for Trusted Root Certification Authorities and ran the import wizard. That worked, and we can see bosarray01.pml.com is in the Issued To column.
Now after a certain amount of time this certificate will be on the computers. But I did not wait. So I used the command I have used for years to hurry this sort of thing along.
However, it required a restart on each of the machines I ran this command on. Normally with most changes in AD Group Policy a restart is not really necessary when doing a gpupdate.
What this means to me if you do nothing after updating the Default Domain policy is that it will take a while for your users to see this change. A restart would be needed. Not sure how to get around this.
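To see whether the policy has actually delivered the certificate to a given client, and that the trusted entry is the array's certificate and not a different one with the same name, a check like the following can be run on that machine. This is an added example, not part of the original post: the variable names are illustrative and the thumbprint is a placeholder to replace with the value shown on the array's own certificate.

```powershell
# Added example: confirm the GPO-distributed root certificate is on this client.
$subjectName        = 'bosarray01.pml.com'            # name used in the post
$expectedThumbprint = '<THUMBPRINT-OF-ARRAY-CERT>'    # placeholder, not a real value

# Roots pushed by Group Policy are stored under this key, one subkey per
# thumbprint. Cert:\LocalMachine\Root shows them merged with locally added roots.
$gpoRootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'

$expected = ($expectedThumbprint -replace '\s', '')
$found = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*CN=$subjectName*" }

if (-not $found) {
    Write-Warning "No root certificate for $subjectName yet; the policy has not applied on this machine."
}

foreach ($cert in $found) {
    [pscustomobject]@{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        # A self-signed certificate names itself as issuer.
        SelfSigned      = ($cert.Subject -eq $cert.Issuer)
        # True when this entry came from Group Policy rather than a manual import.
        FromGroupPolicy = Test-Path (Join-Path $gpoRootKey $cert.Thumbprint)
        # Guards against trusting a different certificate that reuses the name.
        ThumbprintMatch = ($cert.Thumbprint -eq $expected)
        Expired         = ($cert.NotAfter -lt (Get-Date))
    }
}
```

On the machine where the certificate was imported by hand, `FromGroupPolicy` stays `False` for that copy until the policy-delivered entry also appears.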
Hope that this helps,