Create a certificate trust list for a Group Policy object

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a certificate trust list for a Group Policy object

Open the Group Policy object (GPO) that you want to edit.
In the console tree, click Enterprise Trust.

Where?
- Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Enterprise Trust
On the Action menu, point to New, and then click Certificate Trust List.

This starts the Certificate Trust List Wizard. Follow the steps in the wizard to create a certificate trust list (CTL) for the GPO.

Notes

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
To open a GPO, see Group Policy (pre-GPMC).
This procedure does not apply to Local Policy objects.
To use the Certificate Trust List Wizard, you need the following information:
- The certificate purposes for this CTL. For more information about CTL purposes, see Using enterprise trust policy.
- The certificates that you want to add to the CTL. You can add certificates from the certificate store on the local computer or from a file. Acceptable file formats from which you can import a certificate are an X.509 v3 certificate file (.cer, .crt), a PKCS #7 file (.spc, .p7b), or a Microsoft serialized certificate store (.sst).
- A certificate that has the Trust List Signing purpose and its associated private key in your personal certificate store. For general instructions on how to request a certificate, see Request a certificate.
- As an option, you can enter a time stamp service URL to time-stamp the CTL.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.