How to distribute your cert via AD

Hi all,

I recently updated the cert on my storage array – still a self-signed one, but one that had all the correct info. I manually added the cert to my local Windows machine and I was able to connect to the array without any of the silly prompts. But how could I add that cert for everyone else? A few quick Google searches were not that helpful. But here is what I figured out, and it works.

I used the Default Domain policy object as I wanted everyone to have this cert.

Default Domain policy

I clicked on the white space for Trusted Root Certification Authorities and ran the import wizard. That worked, and we can see bosarray01.pml.com is in the Issued To column.

Now after a certain amount of time this certificate will be on the computers.  But I did not wait.  So I used the command I have used for years to hurry this sort of thing along.

gpupdate /force

However, it required a restart on each of the machines I ran this command on.  Normally with most changes in AD Group Policy a restart is not really necessary when doing a gpupdate.


What this means to me is that if you do nothing after updating the Default Domain policy, it will take a while for your users to see this change. A restart would be needed. Not sure how to get around this.

Hope that this helps,

Michael
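One way to confirm on a client that the certificate arrived through Group Policy and is the same one that was imported, as an added example that is not part of the original post. The thumbprint value is a placeholder to replace with the one shown on the imported certificate, and the parameter names are hypothetical.

```powershell
# Added example: verify a GPO-distributed root certificate on this computer.
# Assumption: $ExpectedThumbprint is a placeholder; paste the thumbprint shown
# on the certificate that was imported into the policy.
param(
    [string]$Subject            = 'bosarray01.pml.com',
    [string]$ExpectedThumbprint = '<THUMBPRINT-OF-IMPORTED-CERT>'
)

# Thumbprints copied from the certificate dialog often contain spaces.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpper()

# 1. Look for the array's certificate in the machine-wide trusted roots.
$found = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*CN=$Subject*" }

if (-not $found) {
    Write-Warning "No certificate for $Subject in LocalMachine\Root. Policy may not have applied yet."
    return
}

foreach ($cert in $found) {
    # 2. Certificates delivered by Group Policy are stored under the Policies
    #    registry key, which separates them from ones imported by hand.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\' +
                 $cert.Thumbprint

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        # 3. Trusting a self-signed cert as a root means trusting exactly this
        #    key, so compare against the thumbprint you expect.
        ThumbprintMatches = ($cert.Thumbprint -eq $expected)
        SelfSigned        = ($cert.Subject -eq $cert.Issuer)
        DeliveredByGpo    = (Test-Path -Path $policyKey)
        NotAfter          = $cert.NotAfter
    }
}
```

A row with DeliveredByGpo set to False on a machine where the certificate is present points to a manual import, such as the one made on the admin workstation before the policy was created.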

=== END ===
