Trusted root certification authority policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Trusted root certification authority policy

To establish a trusted root certification authority using Group Policy, the Group Policy object (GPO) that you create must have access to the root certificate. This requires that you import a copy of the root certification authority certificate.

You can do this by using the procedure in Add a trusted root certification authority to a Group Policy object.

For a root certification authority certificate to be imported, the root certificate must be in a PKCS #12 file, in a PKCS #7 file, or in binary-encoded X.509 v3 certificate files. For more information about these file formats, see Importing and exporting certificates.

For more information on trusted root certification authority policies, see Policies to establish trust of root certification authorities and Delete a trusted root certification authority from a Group Policy object.