Root Certificate deployment by using Group Policy
Open Active directory certificate services
Under Enterprise PKI select root CA from the right side select CA certificate and click view certificate and do the below settings.
Deploying a Self-Signed Root Certificate with Group Policy
- To get a copy of the certificate into a file so that it can be imported into Group Policy, click View Certificate. The certificate is displayed.
- Select the Details tab and then click Copy to File.
- Select Cryptographic Message Syntax Standards (PKCS #7) as the file format and then click Next.
When prompted for a filename, enter a name with the .p7b extension.
- Copy the file to the Windows Server with the Group Policy Management.
Deploying the Certificate with Group Policy
- Launch the Group Policy Manager and navigate to the object that corresponds too the policy on which the certificate will be used. I prefer the Default Domain Policy because there is no need to deploy this certificate through the entire enterprise. Right click on the selected object and select Edit
In the Certificate Import Wizard, browse to the location of the certificate file you saved to this server and then click Next. The Certificate Store screen displays.
Click NEXT and then click Finish to import the certificate. It now appears in the Group Policy object. The next time a user logs in, these settings will be applied and the certificate will be trusted by Internet Explorer.