
Is there a way to deploy a CA's X509 certificate on several client machines (Windows) in an intranet environment?

1 Answer


Look into Active Directory. Using group policy, you can deploy certificates to computers and servers (Windows) joined to a domain.

Here is an excerpt from Microsoft: Distribute Certificates to Client Computers by Using Group Policy

To distribute certificates to client computers by using Group Policy

1. On a domain controller in the forest of the account partner organization, start the Group Policy Management snap-in.
2. Find an existing Group Policy Object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.
3. Right-click the GPO, and then click Edit.
4. In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.
5. On the Welcome to the Certificate Import Wizard page, click Next.
6. On the File to Import page, type the path to the appropriate certificate files (for example, \\fs1\c$\fs1.cer), and then click Next.
7. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
8. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.
9. Repeat steps 2 through 6 to add additional certificates for each of the federation servers in the farm.

If you don't want computers joined to a domain, look into doing it through PowerShell or Ansible.

  • Thanks, I think Active Directory will do the trick, it's really annoying people having to trust its own company manually.
    – user1143185
    Commented Jun 16, 2020 at 15:30
  • Be sure to mark this as the answer if this answer helped you.
    Commented Jun 16, 2020 at 17:48
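
For the PowerShell route the answer mentions for machines that are not domain-joined, here is an added example (not part of the original answer or of the Microsoft excerpt) that installs a root CA into the machine's Trusted Root store only after checking it against a pinned fingerprint. The share path and the fingerprint are placeholders, and the checks for CA flag, self-signature and expiry are policy choices assumed by this example.

```powershell
#Requires -RunAsAdministrator
# Added example: trust an internal root CA on a standalone Windows host,
# but only if the file matches a fingerprint obtained out of band.
param(
    # Assumed placeholder values: replace with your own.
    [string]$CertPath       = '\\fileserver.example\pki\corp-root-ca.cer',
    [string]$ExpectedSha256 = '<SHA-256 fingerprint obtained out of band>'
)
$ErrorActionPreference = 'Stop'

# Parse the file once; the same in-memory object is what gets installed,
# so the file on the share cannot be swapped between check and import.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Compare the SHA-256 of the DER encoding against the pinned value.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 64 -or $actual -ne $expected) {
    throw "Fingerprint mismatch for $CertPath (got $actual). Not installing."
}

# Only a self-signed, unexpired CA certificate belongs in the Root store.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Certificate is not marked as a CA.' }
if ($cert.Subject -ne $cert.Issuer)             { throw 'Certificate is not a self-signed root.' }
if ($cert.NotAfter -lt (Get-Date))              { throw "Certificate expired on $($cert.NotAfter)." }

# Idempotent: skip if this exact certificate is already trusted.
if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
    Write-Output "Already trusted: $($cert.Subject)"
    return
}

$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try     { $store.Add($cert) }
finally { $store.Close() }

Write-Output "Installed $($cert.Subject) [$actual] into LocalMachine\Root"
```

With the placeholder fingerprint left in place the script stops at the mismatch check and installs nothing.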