Root CA certificate auto deploy to domain client?

Chong 866 Reputation points
2021-07-27T02:23:00.803+00:00

Hi Support,

When the root CA is a domain-joined, standalone (offline) CA, will the root certificate be deployed to domain clients automatically? If yes, which GPO will deploy the certificate?

Thanks
Chong

Windows Server

Accepted answer
  1. Hannah Xiong 6,276 Reputation points
    2021-07-27T03:48:12.963+00:00

    Hello @Chong ,

    Thank you so much for posting here.

    If the root CA is a standalone offline root CA, we must publish the root certificate into AD using the following command, and then the root certificate will be distributed to the trusted root store of all domain-joined clients.

    certutil -f -dspublish <RootCACertificate> RootCA

    If the root CA was joined to the domain, this will eventually happen automatically, but it can take up to 8 hours (default GPO application time). To force the issue, reboot a client computer and it will pick up the root CA certificate.

    There is no GPO configured to distribute the root certificate.

    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
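Because a certificate published with `-dspublish ... RootCA` becomes a trusted root on every domain-joined client, it is worth checking the file before publishing it and confirming afterwards that clients received it. The script below is an added example, not part of the answer above: `$CertPath` and `$ExpectedSha256` are placeholders, the `-Publish` switch is this example's own, and using `gpupdate` to trigger the refresh is an assumption based on the GPO refresh interval mentioned in the answer.

```powershell
# Added example: pre-publication checks for the root certificate, then a client-side check.
# $CertPath and $ExpectedSha256 are placeholders (assumptions), not values from the thread.
param(
    [string]$CertPath       = 'C:\Temp\RootCA.cer',
    [string]$ExpectedSha256 = '<SHA256-READ-ON-THE-OFFLINE-CA>',
    [switch]$Publish
)
$ErrorActionPreference = 'Stop'
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# 1. Fingerprint must match the value recorded on the offline CA (compared out-of-band).
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
if ($actual -ne ($ExpectedSha256 -replace '[\s:]', '')) { throw "SHA-256 mismatch: $actual" }

# 2. Must be a self-signed CA certificate that is currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if ($cert.Subject -ne $cert.Issuer)           { throw 'Not self-signed: this is not a root certificate.' }
if (-not ($bc -and $bc.CertificateAuthority)) { throw 'Basic Constraints does not mark this as a CA.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }

# 3. Publish with the command from the answer (only when -Publish is given).
if ($Publish) {
    certutil -f -dspublish $CertPath RootCA
    if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }
}

# 4. On a domain-joined client: refresh policy, then look in the machine root store.
#    The store is indexed by SHA-1 thumbprint, which X509Certificate2 exposes as .Thumbprint.
gpupdate /target:computer /force | Out-Null
$found = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $cert.Thumbprint
if ($found) { "Present in LocalMachine\Root: $($found.Subject)" }
else        { 'Not in LocalMachine\Root yet; AD replication or the policy refresh may still be pending.' }
```

Run it without `-Publish` on a client to perform only the checks and the store lookup.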