Install the Cisco Secure Access Root Certificate with Group Policy Using the Group Policy Management Console (GPMC)
The Microsoft Group Policy Management Console (GPMC) with Service Pack 1 (SP1) unifies the management of Group Policy across the enterprise. The GPMC consists of an MMC snap-in and a set of programmable interfaces for managing Group Policy.
Before you begin, download the Cisco Secure Access root certificate. See Prerequisites.
- Log in to your Active Directory server using a domain administrator account.
- Select Start > All Programs > Administrative Tools > Group Policy Management. The Group Policy Management Console (GPMC) appears.
- To create a domain-wide policy, right-click your domain root Organizational Unit (OU), which is displayed as your domain name, and select Create and Link a GPO Here from the context menu.
The New GPO dialog box appears.
- In the Name field of the New GPO dialog box, enter a meaningful name for the policy object.
- Right-click the new Group Policy Object, Secure Access Certificate Installer, on the right side of the window, and select Edit from the context menu. The Group Policy Object Editor appears.
- In the left configuration options sidebar, expand Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies, right-click Trusted Root Certification Authorities, and select Import from the context menu.
- In the Certificate Import Wizard, click Next. On the File to Import page, click Browse, navigate to where you downloaded the root certificate on your local system, and double-click the Cisco_Secure_Access_Root_CA.cer file.
- With the full path to the certificate displayed in the Filename field, click Next.
- Accept the default option, Place all certificates in the following store (Trusted Root Certification Authorities), click Next, then click Finish and OK.
You have now created the Group Policy Object to install the Cisco Secure Access root certificate on all of the computers in your domain. The new policy may not take effect immediately on all client machines. By default, background synchronization happens only every 90 to 120 minutes (at randomized times). Rebooting client machines forces the synchronization.
You can check that the Group Policy has propagated to all computers in the domain by opening your browser on a workstation, opening Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities, and ensuring that the Cisco Secure Access root certificate is present.
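The same check can be scripted on a workstation. The PowerShell below is an added example, not part of the Cisco documentation: it reads the thumbprint from the downloaded .cer file, confirms that a certificate with that thumbprint is in the machine's Trusted Root Certification Authorities store, and reports whether Group Policy delivered it. The default `$CerPath` and the optional `-Refresh` switch (which runs `gpupdate` instead of waiting or rebooting) are assumptions of this example.

```powershell
param(
    # Assumed download location of the root certificate; adjust to your path.
    [string]$CerPath = "$env:USERPROFILE\Downloads\Cisco_Secure_Access_Root_CA.cer",
    # Optional: refresh computer policy now instead of waiting or rebooting.
    [switch]$Refresh
)

# Read the thumbprint from the downloaded file so nothing is hard-coded.
$expected = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CerPath).Path)

if ($Refresh) { gpupdate.exe /target:computer /force | Out-Null }

# Logical machine store: what Windows trusts, whatever put the certificate there.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $expected.Thumbprint

# Certificates delivered by Group Policy are kept under this policy registry key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\' +
    $expected.Thumbprint
$viaPolicy = Test-Path -LiteralPath $policyKey

# One result object per machine, easy to collect from several workstations.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Subject        = $expected.Subject
    Thumbprint     = $expected.Thumbprint
    NotAfter       = $expected.NotAfter
    InTrustedRoot  = [bool]$inStore
    ViaGroupPolicy = $viaPolicy
}

if (-not $inStore) {
    Write-Warning 'Root certificate not present yet; the policy may not have applied.'
    exit 1
}
if (-not $viaPolicy) {
    # Trusted, but placed by something other than the GPO (for example a manual import).
    Write-Warning 'Certificate is trusted but was not delivered by Group Policy.'
}
```

Compare the reported thumbprint with the one shown for the file you imported into the GPO, so that the root trusted on each workstation is the certificate you intended to distribute.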