Do you get certificate errors?

Posted by

From time to time I get some questions regarding certificates, users get certificate errors on newly installed computers.

Since certificate are time limited and some will be revoked for what ever reason, the certificate store needs to be updated. Usually this is handled by Windows update, WSUS, SUP or something similar, but what should you look for to approve?

A search at for Root certificate will help you and this will give you a result that looks something like this:



Direct link for the latest at the moment:

Just add this in your task sequence to make sure you have all new certificates from the beginning, and hopefully your Internet Explorer certificate errors will be gone!

One comment

  1. This is one way of doing it, but i disagree that it is the best method.

    i would distribute the certificates with Group policy instead, this gives the administrators more power over what is trusted and what is not, since the company’s security policy might disagree with Microsoft on which PKI structures that is to be trusted.

    But as for unmanaged clients, this will work.


Leave a comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.