Q:
Pushing certification out via Active Directory on Windows 2003 Domain
We've set up an internal website that contains a certificate that IE flags.

I've tried pushing the cert out via AD using group policy, but most of our users are still being prompted about the certificate. I've imported the certificate under Computer Config - Windows Settings - Security Settings - Public Key Policies - Trusted Root Certificates. I pushed this out weeks ago.

Why are some of the XP stations not working with it?

Software/Hardware used:
Windows 2003 Domain, Active Directory
ASKED: Nov 9 2009  2:32 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
You have the right considerations.

That is, it sounds like you are also defining your own root certificate authority, an internal authority. After all, it's only one internal web site; why should you pay for someone to host a root authority for you? (Answer: because it's cheaper in the long run. Now your internal root authority must be available whenever and wherever clients may need it, and eventually this means externally. I know, not today, not by design, ... but in the long run. Buying a certificate from an established CA for these simple cases avoids the need to host your own CA today and avoids a migration tomorrow. But you live, you learn ...)

Your authority must be added to the list of trusted root authorities. You've updated AD and most clients have the update. Some XP clients do not. Time to troubleshoot the clients ...

Is automatic updating of trusted root certificates enabled?
http://technet.microsoft.com/en-us/library/cc786443%28WS.10%29.aspx
Last Answered: Dec 2 2009  2:24 AM GMT by Rklanke   1035 pts.
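
A client-side check for the troubleshooting step the answer points to, added here as an example and not part of the original answer: it refreshes computer policy, lists which GPOs applied or were filtered out, and looks for the root certificate in the registry store where Group Policy places trusted roots. The `THUMBPRINT` value is a placeholder you must replace with your internal root's SHA-1 thumbprint; the script assumes it is run as a local administrator on an affected XP station.

```batch
@echo off
rem Added example: run on an affected XP client as a local administrator.
rem THUMBPRINT is a placeholder: set it to your root's SHA-1 thumbprint, no spaces.
setlocal
set THUMBPRINT=REPLACE_WITH_ROOT_CERT_SHA1_THUMBPRINT
rem Registry location of root certificates delivered through Group Policy.
set POLKEY=HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates

echo === Refreshing computer policy ===
rem "echo n" answers No if gpupdate asks to reboot for startup-only policies.
echo n | gpupdate /target:computer /force

echo === Computer GPOs applied or filtered out ===
gpresult /scope computer /v

echo === Root certificate delivered by Group Policy? ===
reg query "%POLKEY%\%THUMBPRINT%" >nul 2>&1
if errorlevel 1 (
    echo MISSING: policy root store has no entry %THUMBPRINT%
    echo Check the filtered-out GPOs above and Userenv errors in the Application event log.
    endlocal & exit /b 1
)
echo FOUND: root certificate is in the policy root store.
endlocal & exit /b 0
```

If the entry is found but IE still prompts, the trust anchor is in place and the warning has another cause, such as a name mismatch or an expired certificate on the site itself.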