Permanent SSL Certificate Permanent Installation Using AD Group Policy

ASAMED 1 Reputation point
2020-10-04T07:48:04.327+00:00

Dear,

Expecting your valuable technical reference for SSL certificate for domain users using AD GPO.

We have installed SSL certificate using link(https://social.technet.microsoft.com/Forums/windows/en-US/7f3df910-7b0a-4d5c-a4c0-3f77859cbf8c/create-a-self-signed-certificate-server-2012-r2?forum=winserverTS), unfortunately when configured GPO is disabled /deleted certificate is deleted from enduser machine.

how can we permanently install ssl certificate on domain clients pc's.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,528 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Daisy Zhou 17,241 Reputation points Microsoft Vendor
    2020-10-05T08:06:46.337+00:00

    Hello @ASAMED ,

    Thank you for posting here.

    To further narrow down our issue, we would like to get more detailed information. Would you please help to collect the following information:

    1.Would you please tell us where your SSL certificate is from (your SSL certificate is issued from your internal CA server or from third-part CA or self-sign certificate or root CA certificate)?
    2.Is your SSL certificate user certificate or computer certificate? In other word, we want to put this SSL certificate in Certificate - Current User\ Personal or Trusted Root Certification Authority?

    or Certificates - Local Computer \Personal or Trusted Root Certification Authority?

    30172-store.png

    3.What GPO setting do you configure?

    Thank you for your understanding and time.

    Best Regards,
    Daisy Zhou

    0 comments No comments

  2. ASAMED 1 Reputation point
    2020-10-05T10:07:41.113+00:00

    Hi Daisy Zhou,

    Thanks for your response.
    Requested details are mentioned below.

    1. Certificate which we generated from internal server.
    2. Our certificate is client authentication report & need to install as local computer trusted root certificate.

    Certificates (Local Computer)--> Trusted Root Certification Authority--> Certificates.

    1. We put Certificate in share folder (all users have read access) & GPO Settings are:-

    Computer configuration--> Policies--> Windows Settings --> Security Settings -->Public Key Policies--> Trusted Root Certification Authorities and imported certificate.

    Now certificate is installed but whenever GPO disabled installed certificate automatically deleted from user pc.

    Thanks

    0 comments No comments

  3. Daisy Zhou 17,241 Reputation points Microsoft Vendor
    2020-10-13T01:18:44.147+00:00

    Hello @ASAMED ,

    Thank you for your update. I am sorry for the late reply.

    If we want to install certificates as local computer trusted root certificate via GPO, the GPO setting you mentioned is correct.

    Do you mean disable GPO as below, right click GPO object and uncheck "Link Enabled"? If so, once we disabled GPO, the GPO will not apply, I mean installed certificate will automatically deleted from user pc. This is an expected behavior.

    31819-dis1.png

    But why do you want to disable GPO with installing certificates as local computer trusted root certificate setting?

    Best Regards,
    Daisy Zhou