How to distribute your cert via AD

I recently updated the cert on my storage array – still a self-signed one, but one that had all the correct info. I manually added the cert to my local Windows machine and I was able to connect to the array without any of the silly prompts. But how could I add that cert for everyone else? A few quick Google searches were not that helpful. But here is what I figured out, and it works.

I used the Default Domain policy object as I wanted everyone to have this cert.

Default Domain policy
I clicked on the white space for Trusted Root Certification Authorities and ran the import wizard. That worked, and we can see it in the Issued To column.

Now after a certain amount of time this certificate will be on the computers.  But I did not wait.  So I used the command I have used for years to hurry this sort of thing along.

gpupdate /force

However, it required a restart on each of the machines I ran this command on.  Normally with most changes in AD Group Policy a restart is not really necessary when doing a gpupdate.


What this means to me is that if you do nothing after updating the Default Domain policy, it will take a while for your users to see this change. A restart would be needed. Not sure how to get around this.
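One way to check on a client whether the certificate has arrived, and whether it came from Group Policy or from a manual import, is to compare the store against the same .cer file that was imported into the policy. This is an added example, not part of the original post; the file path is a placeholder.

```powershell
# Added example: confirm a GPO-distributed root certificate reached this client.
# Assumption: C:\Temp\array.cer is a placeholder path to the same .cer file
# that was imported into the Default Domain policy.
param(
    [string]$CerPath = 'C:\Temp\array.cer'
)

# Load the reference certificate and take its thumbprint, so the check is
# against the exact certificate and not just a matching subject name.
$ref   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
$thumb = $ref.Thumbprint

# 1. Is it present in the computer's Trusted Root Certification Authorities store?
#    This logical store includes both manually imported and policy-delivered roots.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $thumb }

# 2. Did it arrive through Group Policy? Policy-delivered roots are written under
#    the Policies branch of the registry, separate from manual imports.
$policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$viaPolicy = Test-Path -Path $policyKey

# Report what was found, plus the properties worth reviewing before trusting
# a self-signed certificate domain-wide.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Subject        = $ref.Subject
    Thumbprint     = $thumb
    SelfSigned     = ($ref.Subject -eq $ref.Issuer)
    NotAfter       = $ref.NotAfter
    Expired        = ($ref.NotAfter -lt (Get-Date))
    InTrustedRoot  = [bool]$inStore
    ViaGroupPolicy = $viaPolicy
}
```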

