I have a root CA which is standalone and I have subordinate CA which is domain joined. I recently renewed the certificate of my root CA and sub CA. How do I push these certificates in the trusted root certificate store on client machines.
Asked
Active
Viewed 2.8k times
1 Answers
13
There are two methods. You can either use Group Policy to distribute the certificates to domain clients, or you can use certutil.exe -dspublish -f <certfilename> RootCA. There are advantages to either method. The dspublish method is simpler, but the Group Policy method is a bit more flexible. Using Group Policy, you can scope the recipients of the certificate(s) to certain OUs, configure extended properties like Extended Validation, OCSP responders, etc.
http://technet.microsoft.com/en-us/library/cc782744(v=WS.10).aspx
OR
But you do not need to do both.
Ryan Ries
- 56,311