The following steps will guide you through adding the SSL certificate as a trusted root certificate to the Default Domain Policy using the Group Policy Manager.
Deploying the SSL certificate using this Group Policy guide will apply the certificate to the Windows Trusted Root Certification Authorities store. This certificate store is used by Internet Explorer, Chrome, and Safari Web Browsers. This will not deploy to Firefox or other browsers as they use their own certificate stores.
*SSL Inspector is only available on versions 10 and above.
Deploying the root SSL certificate using group policy requires that you first download the certificate from the NGFW. This can be downloaded in HTTPS Inspector>Settings>Configuration by clicking on the "Download Root Certificate Button".
(Windows Server 2008)
To import Certificate
- From Windows Server, select Start > Administrative Tools > Group Policy Management.
From the tree structure, Double-click the domain where you want to apply the SSL certificate.
- Double-click Group Policy Objects>Right-click Default Domain Policy >Select Edit.
- From the Group Policy Management Editor(GPME) go to Computer Configuration>Policies>Windows Settings>Security Settings>Public Key Policies> Trusted Root Certificate Authorities. Once you have this folder selected in the File menu, select Action > Import.
- The Certificate Import Wizard opens.
- Click Next.
- Click Browse.
- The Window Open dialog appears.
- Browse to the folder where you downloaded the SSL certificate.
- Select the root_authority.crt file.
- Click Open.
- Confirm that you selected the correct certificate file.
- Click Next.
- The wizard automatically selects Place all certificates in the following store. The store selected should be the "Trusted Root Certification Authorities". If this is not correct than you will want to verify that you have selected the correct store in the public key policies section above.
- Confirm the certificate store settings you selected are correct. Click Finish.
- The wizard imports the root_authority.crt file and a message appears when it is successful.
- Click OK.