Root CA Certificates aren't trusted on computers in Domain


  • Hello,

    I am dealing with big problem on multiple workstations in our company. Many Windows 7 computers and one Windows XP computer have all Root CA certificates not trusted so I cannot import new certificate generate by Certification Authority in our Country.

    I noticed this problem recently and after two days on google I couldn't find solution to this.

    If I open mmc and select Certificates - > Computer -> Trusted Root Certification Authorities I see all certs on computer but after I check any they show this in General info about Cert:

    This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.


    This root certificate appears to be trusted by the remote computer. To ensure this root certificate is valid on the remote computer, verify this root certificate on that computer.

    This goes for all certs (Microsoft, Thawte, Go Daddy, GeoTrust...) and even for our certificates generated by our internal CA.

    We push only Critical and Security Updates from our wsus server. Affected computers have installed all updates.

    We have firewall and don't allow full access to internet but I tried to give one computer with this issue full access to internet and reboot couple times but that didn't help.


    Wednesday, March 23, 2016 9:59 AM