Skip to main content
Skip table of contents

Publish CA certificates to clients

To enable for example smart card login, the clients in the domain must trust the certificate authority (CA). That is done by creating a group policy object (GPO).

This article describes one of several ways to create a GPO and add the CA certificates there.


The following prerequisites apply:

  • A user with rights to create a GPO must be available.

Step-by-step instruction

Create group policy object (GPO)

To create a group policy object (GPO):

  1. Start the Group Policy Management.

  2. Create a group policy object (GPO).
    In this example we called this Nexus PKI. Normally this GPO should affect all computers in the domain, so the default security group “Authenticated Users” that holds both computers and users.
Add CA certificates in group policy object (GPO)

To add the CA certificates in the group policy object (GPO):

  1. Edit the GPO and browse to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies.
  2. Import the Root CA to Trusted Root Certification Authorities
  3. Import the Sub CA to Intermediate Certification Authorities

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.