Score:2

GPO to add a purpose to root certificate

cd flag

The root certificate of the DFN-PKI "T-TeleSec GlobalRoot Class 2" is not activated in the Windows certificate store for the certificate purpose "code signing".

I can activate it with certmgr.msc in [Trusted Root Certification Authorities] > [Certificates] > RMB on "T-TeleSec GlobalRoot Class 2" > [Select role code-signing].

I have some 50+ PCs where this setting is required. In Group Policy Management Editor the tree [Computer Configuration] > [Policies] > [Security Settings] > [Public Key Policies] > [Trusted Root Certification Authorities] is empty. The only possible task is [Import of a certificate].

Can anyone suggest how to add a role to a certificate using GPO?

Score:1
cn flag

Are you currently deploying the certificate using Group Policy? If not, that's what you need to do. Create a GPO, add the certificate to Computer\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities.

Then enable the attribute. Link the GPO to the OU where your computers are located.

When this is pulled by the target computers, this will add the certificate in the registry:

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\Thumbprint!Blob

cd flag
This certificate is included in any current Windows, so no, I'm not deploying it with GPO.
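
Added example, not part of the question or answers on this page: Python that audits the purpose setting the question describes by parsing an exported copy of the registry `Blob` value the answer above mentions. It assumes the Blob uses the serialized certificate layout (property id, reserved, length, data) and that purposes chosen in certmgr.msc are stored as property 9; all function names and the sample bytes are constructed for illustration.

```python
import struct
# Assumed "Blob" layout: little-endian (property id, reserved, length, data) records.
ENHKEY_USAGE_PROP_ID = 9  # CERT_ENHKEY_USAGE_PROP_ID: DER SEQUENCE of purpose OIDs
CODE_SIGNING = "1.3.6.1.5.5.7.3.3"

def parse_properties(blob):  # -> {property_id: data}
    props, off = {}, 0
    while off + 12 <= len(blob):
        prop_id, _reserved, size = struct.unpack_from("<III", blob, off)
        if off + 12 + size > len(blob):
            raise ValueError("truncated property %d" % prop_id)
        props[prop_id] = blob[off + 12:off + 12 + size]
        off += 12 + size
    return props

def read_tlv(buf, off):  # one DER element -> (tag, value, next_offset)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:  # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def enabled_purposes(blob):
    """Return None when no purpose property is stored, else the listed OIDs."""
    prop = parse_properties(blob).get(ENHKEY_USAGE_PROP_ID)
    if prop is None:
        return None
    seq, oids, off = read_tlv(prop, 0)[1], [], 0
    while off < len(seq):
        tag, body, off = read_tlv(seq, off)
        if tag == 0x06:  # OBJECT IDENTIFIER
            oids.append(decode_oid(body))
    return oids

def code_signing_enabled(blob):  # checks the store property only, not the EKU extension
    purposes = enabled_purposes(blob)
    return purposes is None or CODE_SIGNING in purposes

# Constructed sample: placeholder thumbprint (id 3) + purposes listing only serverAuth.
_eku = bytes.fromhex("300a06082b06010505070301")
SAMPLE = struct.pack("<III", 3, 1, 20) + bytes(20) + struct.pack("<III", 9, 1, 12) + _eku
```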
Score:0
cn flag

You can import your own certificate and select the role you want for it inside the window of [Computer Configuration] > [Policies] > [Security Settings] > [Public Key Policies].

Your problem there is that it is a public certificate. You would need to download the .cer if possible and redistribute it to your computers with the correct roles, or just click to add all roles.
