This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
Update default domain policy with third party root CAs
Add the Department of Defense third-party root CAs to the trusted roots in an Active Directory Group Policy object.
To configure Group Policy in the Windows domain to distribute the third-party CAs to the trusted root store of all domain computers:
- Open Group Policy Management, choose your domain root in the navigation tree, and expand the Group Policy Objects container.
- Choose the Default Domain Policy Group Policy object, and then choose Edit. A new window opens.
- In the left pane, choose Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.
  (Figure: Trusted Root Certification Authorities folder location)
- Right-click Trusted Root Certification Authorities.
- Select All Tasks, and then choose Import.
- Follow the instructions in the wizard to import the certificate file Certificates_PKCS7_v5.6_DoD.der.
- A confirmation window appears when the import is complete. Choose OK.
- Drag and drop all of the intermediate DoD certificate authorities to the Trusted Intermediate Certification Authorities folder.
- Close the Group Policy window.
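To confirm the result on a domain computer once policy has refreshed, the following PowerShell check is an added example and is not part of the original whitepaper. It compares each certificate in the bundle against the machine's Trusted Root and Intermediate stores. It assumes the bundle named in the import step has been copied to the path given in `$BundlePath`; the `Status` labels are illustrative names.

```powershell
# Assumption: the PKCS#7 bundle from the import step is available at this path
# on the computer being checked. Nothing is installed; stores are only read.
param(
    [string]$BundlePath = '.\Certificates_PKCS7_v5.6_DoD.der'
)

# Load every certificate contained in the PKCS#7 bundle.
$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import((Resolve-Path -LiteralPath $BundlePath).Path)

# Thumbprints currently visible in the machine's root and intermediate stores.
$rootStore = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object Thumbprint)
$caStore   = @(Get-ChildItem Cert:\LocalMachine\CA   | ForEach-Object Thumbprint)

$report = foreach ($cert in $bundle) {
    # A root CA certificate is self-issued: subject and issuer are the same name.
    $isRoot = $cert.Subject -eq $cert.Issuer
    $inRoot = $rootStore -contains $cert.Thumbprint
    $inCA   = $caStore   -contains $cert.Thumbprint

    $status =
        if ($isRoot -and $inRoot)                           { 'OK' }
        elseif (-not $isRoot -and $inCA -and -not $inRoot)  { 'OK' }
        elseif (-not $isRoot -and $inRoot)                  { 'IntermediateInRootStore' }
        else                                                { 'Missing' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        ExpectedStore = if ($isRoot) { 'Root' } else { 'CA' }
        NotAfter      = $cert.NotAfter
        Status        = $status
    }
}

# Show only the certificates that need attention, then a one-line summary.
$problems = @($report | Where-Object { $_.Status -ne 'OK' })
$problems | Format-Table Subject, ExpectedStore, Status, NotAfter -AutoSize
'{0} of {1} bundle certificates are in the expected store.' -f `
    ($report.Count - $problems.Count), $report.Count
```

An `IntermediateInRootStore` result means the drag-and-drop step was skipped for that certificate, which leaves an intermediate CA acting as a trust anchor on every domain computer.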