How to push Root Cert on the Clients in "Trusted Root Certificate Authority" Store. RRS feed

  • Question

  • I have a situation in the following environment:

    1. IIS Server/Web Server is in X Domain
    2. Users in Y Domain who open the SSL page to login to Citrix Console.
    3. SSL cert is issued from a IIS/Web Server
    3. Users can access the Web Server through IP and not hostname.
    4. When Users try to access the SSL page, they can't see anything
    5. When try to access with IP, they see the cert error page.
    6. Root Cert is missing in the Certification Path.

    What I did to resolve this on one of the clients:
    1. Added the entry in host file.
    2. Manualy imported the Root Cert in the "Trusted Root Certification Authority"

    What I want is:
    1. I have multiple clients.
    2. I don't want to use Group Policy to push the Root Cert. (Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities)
    3. I want an exe file which can install the Root Cert on the Client.
    4. I have a .bat file to update the host entry (echo <IP Address> <Hostname/FQDN>>>c:\Windows\System32\drivers\etc\hosts)
    5. It'll be great if someone can assist me with a script to automate the import of Root Cert in "Trusted Root Certificate Authority" Store.

    Friday, April 1, 2011 6:15 PM