none
Pushing the Trusted Root Certificate through GPO

    Question

  • Hi,

    I pushed the Trusted root certification authority certificate to workstations through the GPO. In few of the work stations the certificate is already manually installed. In these work stations the same certificate is showing twice(Manually installed one and the one which is pushed through the GPO).

           Now my question is,

    1) Is there anyway to rewrite the certificate if it is already present while pushing the GPO?   

    2) If we are removing the group policy will the Trusted root certification authority certificate will also get removed?

    3) Is there any way to permanently install the  Trusted root certification authority certificate across all the work stations?

    Please help me.

    Regards,

    Chaitanya 

                        

    Tuesday, October 13, 2015 6:15 PM

Answers

  • Hi,
     
    We might not be able to rewrite the certificate in this case. To my knowledge, as long as the thumbprint for each certificate is different, you will end up with double entries. If they are the same, the certificate will only be added once.
     
    You should not need to worry about this as duplicate entries won't create any issue. If you remove the group policy, the certificate that got pushed will not be removed.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, October 14, 2015 9:03 AM
    Moderator
  • > certificate is already manually installed. In these work stations the
    > same certificate is showing twice(Manually installed one and the one
    > which is pushed through the GPO).
     
    I agree with Ethan - if it shows twice, it is NOT the same certificate.
    But anyway, it will not cause issues, so you can safely ignore it.
     
    > 2) If we are removing the group policy will the Trusted root
    > certification authority certificate will also get removed?
     
    No, not to my knowledge.
     
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, October 14, 2015 9:43 AM

All replies

  • Hi,
     
    We might not be able to rewrite the certificate in this case. To my knowledge, as long as the thumbprint for each certificate is different, you will end up with double entries. If they are the same, the certificate will only be added once.
     
    You should not need to worry about this as duplicate entries won't create any issue. If you remove the group policy, the certificate that got pushed will not be removed.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, October 14, 2015 9:03 AM
    Moderator
  • > certificate is already manually installed. In these work stations the
    > same certificate is showing twice(Manually installed one and the one
    > which is pushed through the GPO).
     
    I agree with Ethan - if it shows twice, it is NOT the same certificate.
    But anyway, it will not cause issues, so you can safely ignore it.
     
    > 2) If we are removing the group policy will the Trusted root
    > certification authority certificate will also get removed?
     
    No, not to my knowledge.
     
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, October 14, 2015 9:43 AM
  • Thank you Ethan 
    Wednesday, October 14, 2015 3:36 PM
  • Thank you Martin

    Wednesday, October 14, 2015 3:37 PM