Do you get certificate errors?

Posted by

From time to time I get some questions regarding certificates, users get certificate errors on newly installed computers.

Since certificate are time limited and some will be revoked for what ever reason, the certificate store needs to be updated. Usually this is handled by Windows update, WSUS, SUP or something similar, but what should you look for to approve?

A search at http://www.microsoft.com/download for Root certificate will help you and this will give you a result that looks something like this:

image

 

Direct link for the latest at the moment: http://www.microsoft.com/download/en/details.aspx?id=28175

Just add this in your task sequence to make sure you have all new certificates from the beginning, and hopefully your Internet Explorer certificate errors will be gone!

Advertisements

One comment

  1. This is one way of doing it, but i disagree that it is the best method.

    i would distribute the certificates with Group policy instead, this gives the administrators more power over what is trusted and what is not, since the company’s security policy might disagree with Microsoft on which PKI structures that is to be trusted.

    But as for unmanaged clients, this will work.

    Like

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.