Update the default domain policy with the issuing party CA

Add the issuing CA to the trusted roots in an Active Directory Group Policy object.

To configure Group Policy in the Windows domain to distribute the issuing CA to the trusted root store of all domain computers:

Open Group Policy Management, select your domain root in the navigation tree, and expand the Group Policy Objects container.
Choose the Default Domain Policy Group Policy object, and then choose Edit. A new window opens.
In the left navigation pane, expand the following items:
- Computer Configuration
- Policies
- Windows Settings
- Security Settings
- Public Key Policy
Right-click Trusted Root Certification Authorities.
Select All Tasks, then choose Import.
Follow the instructions in the wizard to import the certificate file generated in the Generate the issuing CA certificate, ca_name.cer.
A confirmation window appears when the import is complete. Choose OK.
Close the Group Policy window.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Generate the issuing CA certificate

Import the issuing CA certificate into the Enterprise NTAuth store