Pushing certification out via Active Directory on Windows 2003 Domain

Tags:
Active Directory
Certificates
Group Policy
Microsoft Windows Server 2003
Windows Server 2003 Domain
We've setup an internal website that contains a certificate that IE flags. I've tried pushing the cert out via AD using group policy, but most of our users are still being prompted about the certificate. I've imported the certifcate under Computer Config - Windows Settings - Security Settings - Public Key Policies - Trusted Root Certificates. I have pushed this out weeks ago. Why are some of the XP stations not working with it?

Software/Hardware used:
Windows 2003 Domain, Active Directory

Answer Wiki

Thanks. We'll let you know when a new response is added.

You have the right considerations.

That Is, it sounds like you are also defining your own root certificate authority, an internal authority. After all, its only one internal web site; why should you pay for someone to host a root authority for you? (Answer: because its cheaper in the long run. Now your internal root authority must be available whenever and wherever clients many need it, and eventually this means externally. I know, not today, not by design, … but in the long run. Buying a certificate from an established CA for these simple cases avoids the need to host your own CA today and avoids a migration tomorrow. By you live, you learn …)

Your authority must be added to the list of trusted root authorities. You’ve updated AD and most clients have the update. Some XP clients do not. Time to troubleshoot the clients …

Is automatic updating of trusted root certificates enabled?

http://technet.microsoft.com/en-us/library/cc786443%28WS.10%29.aspx

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following