Page tree
Skip to end of metadata
Go to start of metadata

To enable for example smart card login, the clients in the domain must trust the certificate authority (CA). That is done by creating a group policy object (GPO).

This article describes one of several ways to create a GPO and add the CA certificates there.


Expand/Collapse All

Prerequisites

 Prerequisites

The following prerequisites apply:

  • A user with rights to create a GPO must be available.

Step-by-step instruction

 Create group policy object (GPO)

To create a group policy object (GPO):

  1. Start the Group Policy Management.

  2. Create a group policy object (GPO).
    In this example we called this Nexus PKI. Normally this GPO should affect all computers in the domain, so the default security group “Authenticated Users” that holds both computers and users.
 Add CA certificates in group policy object (GPO)

To add the CA certificates in the group policy object (GPO):

  1. Edit the GPO and browse to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies.
  2. Import the Root CA to Trusted Root Certification Authorities
  3. Import the Sub CA to Intermediate Certification Authorities