Distribute certificates to client computers using Group Policy

Applies To: Windows Server 2003 R2

You can use this procedure to distribute, by using Group Policy, the appropriate Secure Sockets Layer (SSL) certificates (or equivalent certificates that chain to a trusted root) for account federation servers, resource federation servers, and Active Directory Federation Services (ADFS)–enabled Web servers to each client computer in the account partner forest.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.

To distribute certificates to client computers using Group Policy

  1. On a domain controller in the forest of the account partner organization, click Start, point to Administrative Tools, and then click Domain Security Policy.

  2. In the console tree, double-click Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.

  3. On the Welcome to the Certificate Import Wizard page, click Next.

  4. On the File to Import page, type the path to the appropriate certificate files (for example, \\adfsresource\c$\adfsresource.cer), and then click Next.

  5. On the Certificate Store page, click Place all certificates in the following store, and then click Next.

  6. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.

  7. Repeat steps 2 through 6 to add additional certificates for each of the ADFS servers.
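Because every client in the forest will trust whatever is imported in step 4, the following added example (not part of the original procedure) checks a certificate file before import and confirms afterward that a client received it. It assumes that PowerShell is installed and that the expected thumbprint was obtained out of band from the administrator of the federation server; the thumbprint value and the -CheckClientStore switch are placeholders introduced for illustration.

```powershell
# Added example, not part of the original procedure.
# Assumptions: PowerShell is installed; the expected thumbprint was obtained
# out of band from the administrator of the federation server.
param(
    [string]$CertPath = '\\adfsresource\c$\adfsresource.cer',          # example path from step 4
    [string]$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>', # placeholder
    [switch]$CheckClientStore   # hypothetical switch: run on a client after policy refresh
)

function Format-Thumbprint([string]$Value) {
    # Keep hex digits only: removes spaces and invisible characters that are
    # often copied along with a thumbprint from the certificate dialog.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpper()
}

$expected = Format-Thumbprint $ExpectedThumbprint
if ($expected.Length -ne 40) { throw "Expected thumbprint must be 40 hex digits (SHA-1)." }

if ($CheckClientStore) {
    # After deployment: the certificate should appear in the computer's Trusted Root store.
    $found = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $expected } | Select-Object -First 1
    if (-not $found) { throw "Certificate $expected is not in LocalMachine\Root on ${env:COMPUTERNAME}." }
    "Present on ${env:COMPUTERNAME}: $($found.Subject)"
    return
}

# Before import: load the file and show the fields an administrator should review.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

$problems = @()
if ($cert.Thumbprint -ne $expected) { $problems += "Thumbprint does not match the expected value." }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += "Certificate is outside its validity period." }
if ($cert.HasPrivateKey) { $problems += "File carries a private key; distribute the public certificate only." }

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; throw "Do not import $CertPath." }
"OK to import: $($cert.Subject)"
```

Run the script without the switch before step 4 for each certificate file. On a client computer, run `gpupdate /force` and then run the script with -CheckClientStore to confirm that the policy was applied.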