Submit a ticketCall us

WebinarUpcoming Webinar: Easily Automate Backups and Simplify Log Message Management

Backing up your network configuration and logging data are a few steps to helping keep your network safe. In this in-depth webinar, we’ll show you how these tasks can be automated to save your IT team time while maintaining accurate archives of your data.

Register now.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Deploy certificates using Group Policy

Deploy certificates using Group Policy

Table of contents

Overview

Use this procedure to deploy a certificate to multiple computers by using the Active Directory Domain Services and Group Policy Object (GPO). This procedure is useful each time a certificate needs to be pushed to clients.

For example, when you need to push a WSUS self-signed or CA-signed certificate to all of your clients before they can trust the published third party packages.

Note: As a minimum requirement, only members of the local administration group (or its equivalent) can perform this procedure.

Environment

  • All Patch Manager versions
  • All WSUS versions
  • All SCCM versions

Steps

  1. Open the Group Policy Management Console.

  2. Find an existing or create a new GPO that contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit whose users you want affected by the policy.

  3. Right click the GPO, and then select Edit.

    The Group Policy Management Editor opens, and displays the current contents of the policy object.

  4. In the navigation pane, open Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers.

  5. Click the Action menu, and then click Import.

  6. Follow the instructions in the Certificate Import Wizard to find and import the certificate.

  7. If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.

 

 

Last modified

Tags

Classifications

Public