Certificate Not Showing in Group Policy
Hi All, I have imported a third party certificate into the trusted root certificate authority store on both of my domain controllers. It imported without error and shows up on both properly. I am trying to configure Wired Network Policy within group policy to automatically assign a client a certificate for use with PEAP. However, this cert I have imported to the domain controllers hours ago is still not showing up in the list of available certs to choose under the PEAP Trusted Root Certification Authorities list. How do I get the cert to show up? Thanks
September 14th, 2011 2:30pm

Hello, I think it will be better to ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
September 14th, 2011 4:18pm

You need to import the Root CA certificate into Active Directory to distribute the trust to all members of AD, not just the DCs. You can either use the certutil command to import it to the enterprise store to distribute the trust to all domains in the forest:

    certutil -dspublish -f rootca_filename.cer RootCA

or use group policy to add the Root CA certificate to the trusted root store for a specific domain: http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

/Hasain
September 15th, 2011 1:00am

Hi Hasain, Thanks. I ended up importing it using GPO last night. I imported it into the default domain policy. However, this morning it is still not showing up for the policy mentioned above. So I have just imported it into the Trusted Root Authority Store for that policy as well. However, I noticed when viewing the imported cert in the default domain policy last night that it shows as not trusted and says that to trust it, I should import it into the same store it was already imported into. Is it possible that the cert is invalid even though it successfully imports? Or am I missing something? Thanks
September 15th, 2011 11:27am

Please check the following:

The Root CA certificate is time valid; if possible, provide the output of the command:

    certutil -dump rootca.crt

The GPO has replicated and applied to the computer used to configure the PEAP Policy:

    certutil -viewstore -GroupPolicy Root

/Hasain
September 15th, 2011 1:50pm

Hi All, Still have not resolved this problem and hoping I can get some next steps. I have applied the certificate in question into the default domain policy under Public Key Policies\Trusted Root Certification Authorities. This certificate then replicates to all clients and shows up under User and Computer Trusted Root Certification Authorities. However, the domain controllers never appear to receive this cert when I open and view via the Certificates MMC. Even if I manually import this certificate into the Trusted Root on the DCs, the cert will never show up in the list of available certificates to choose in the screen shot above. I am not sure what I am missing here but it's driving me nuts.
September 22nd, 2011 12:55pm

Try with either adding the Root CA as a trusted Root in the forest using the command:

    certutil -dspublish -f rootca_filename.cer RootCA

or adding the Root CA using the "Default Domain Controller" policy.

If you run the group policy editor on another machine than your DC, can you see the desired Root CA in the list?

/Hasain
September 22nd, 2011 1:21pm

Manually importing the cert to the domain controller using certutil forced the cert to show up in the list under the policies. What is the difference between using certutil and importing through the GUI? Thank you for your help!
September 26th, 2011 11:09am
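
The checks suggested in the thread, combined into one script as an added example (not from any of the posts): it reads the exported root CA file, reports its validity window and whether it is self-signed, and shows which of the machine's physical Root stores contain it. The file path is an assumption; the registry paths are the standard Windows locations for the local, Group Policy, Enterprise (published in Active Directory) and third-party root stores.

```powershell
# Added example, not from the thread. Run on the machine where the certificate
# is missing from the PEAP list (for example a domain controller).
param(
    # Assumed path to the exported root CA certificate (DER or Base64 .cer/.crt)
    [string]$CertPath = 'C:\temp\rootca.cer'
)

$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$thumb = $cert.Thumbprint
$now   = Get-Date

# Basic sanity checks: a certificate placed in a Root store should be
# inside its validity window and self-signed (Subject equals Issuer).
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    Thumbprint = $thumb
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    TimeValid  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
} | Format-List

# Physical locations that together make up the machine's Trusted Root store.
# Each certificate is stored as a subkey named after its SHA-1 thumbprint.
$stores = [ordered]@{
    'Local registry (manual import)' = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates'
    'Group Policy'                   = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
    'Enterprise (from AD)'           = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates'
    'Third-Party (AuthRoot)'         = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'
}

$report = foreach ($name in $stores.Keys) {
    [pscustomobject]@{
        Store   = $name
        Present = Test-Path -Path (Join-Path $stores[$name] $thumb)
    }
}
$report | Format-Table -AutoSize

# Summary: the certificate is only usable as a trust anchor on this machine
# if at least one physical store holds it.
if (-not ($report | Where-Object Present)) {
    Write-Warning "Certificate $thumb is not in any machine Root store on $env:COMPUTERNAME."
}
```

Comparing the output on a client and on a domain controller shows whether a certificate arrived through the GPO, through Active Directory publication, or only through a local import.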

This topic is archived. No further replies will be accepted.
