This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 40%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Dear,
Expecting your valuable technical reference for SSL certificate for domain users using AD GPO.
We have installed SSL certificate using link(https://social.technet.microsoft.com/Forums/windows/en-US/7f3df910-7b0a-4d5c-a4c0-3f77859cbf8c/create-a-self-signed-certificate-server-2012-r2?forum=winserverTS), unfortunately when configured GPO is disabled /deleted certificate is deleted from enduser machine.
how can we permanently install ssl certificate on domain clients pc's.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello @ASAMED ,
Thank you for posting here.
To further narrow down our issue, we would like to get more detailed information. Would you please help to collect the following information:
1.Would you please tell us where your SSL certificate is from (your SSL certificate is issued from your internal CA server or from third-part CA or self-sign certificate or root CA certificate)?
2.Is your SSL certificate user certificate or computer certificate? In other word, we want to put this SSL certificate in Certificate - Current User\ Personal or Trusted Root Certification Authority?
or Certificates - Local Computer \Personal or Trusted Root Certification Authority?
3.What GPO setting do you configure?
Thank you for your understanding and time.
Best Regards,
Daisy Zhou
Hi Daisy Zhou,
Thanks for your response.
Requested details are mentioned below.
Certificates (Local Computer)--> Trusted Root Certification Authority--> Certificates.
Computer configuration--> Policies--> Windows Settings --> Security Settings -->Public Key Policies--> Trusted Root Certification Authorities and imported certificate.
Now certificate is installed but whenever GPO disabled installed certificate automatically deleted from user pc.
Thanks
Hello @ASAMED ,
Thank you for your update. I am sorry for the late reply.
If we want to install certificates as local computer trusted root certificate via GPO, the GPO setting you mentioned is correct.
Do you mean disable GPO as below, right click GPO object and uncheck "Link Enabled"? If so, once we disabled GPO, the GPO will not apply, I mean installed certificate will automatically deleted from user pc. This is an expected behavior.
But why do you want to disable GPO with installing certificates as local computer trusted root certificate setting?
Best Regards,
Daisy Zhou
Hello @ASAMED ,
Good day!
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
Hello @ASAMED ,
I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
Thanks for your time and have a nice day!
Best Regards,
Daisy Zhou