Add a trusted root certification authority to a Group Policy object

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a trusted root certification authority to a Group Policy object

  1. Open the Group Policy object (GPO) that you want to edit.

  2. In the console tree, click Trusted Root Certification Authorities.


    • Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
  3. On the Action menu, point to All Tasks, and then click Import.

    This starts the Certificate Import Wizard, which guides you through the process of importing a root certificate and installing it as a trusted root certification authority (CA) for this GPO.


  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open a GPO, see Group Policy (pre-GPMC).

  • This procedure does not apply to Local Policy objects.

  • You can import a trusted root certificate from a PKCSĀ #12 file (.pfx, .p12), a PKCSĀ #7 file (.spc, .p7b), a certificate file (.cer, .crt), or a Microsoft serialized certificate store file (.sst).

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Public Key Policies How To ...
Automatic certificate request settings
Automatic certificate request policy
Working with MMC console files
Deploying a Public Key Infrastructure