0

Given we have the following network/CA structure:

Win2K8R2 - Root CA - no idea where its' certificate is?

Win2K8R2 - Sub CA - obtained CA certificate from Root CA

Win2K8R2 - OWA 2010 (Basically, a Web Server) - obtained an SSL certificate from SubCA

A client connects to the OWA web site and get's a warning, that the authority that has issued a certificate is not in trusted store.

Question:

What is the secure way to obtain a root CA certificate to import it to a trusted CA store on a client machine, given that I have an admin access to a Root CA.

Thank you.

maweeras
  • 2,734
  • 2
  • 17
  • 23
Maxim V. Pavlov
  • 663
  • 3
  • 11
  • 29

1 Answers1

1

The simplest way is to naviagte to https:///CertSrv authenticate and then click on "Download a CA certificate, certificate chain, or CRL".

Another way is to connect to the CA server, start an MMC, add a "certificates" snap-in, point it to "computer account", navigate to "personal"\"certificates" and then export the root.

Edit: once you have the certificate, you can either import it directly on the target machine or distribute it across your whole domain using GPO.

Stephane
  • 6,432
  • 3
  • 26
  • 47