Install the Cisco Secure Access Root Certificate with Group Policy Using the Microsoft Management Console (MMC)
Before you begin, download the Cisco Secure Access root certificate. See Prerequisites.
- Log into your Active Directory server using a domain administrator account.
- Select Start > All Programs > Administrative Tools > Active Directory Users and Computers. The Microsoft Management Console (MMC) is displayed.
- To create a domain-wide policy, right-click your domain root Organizational Unit (OU), which is displayed as your domain name, and select Properties from the context menu.
- In the <OU_Name> Properties dialog box, click the Group Policy tab.
- Click New, name the policy Secure Access Certificate Installer, and press Return / Enter.
- Select the new Group Policy Object and click Edit. The Group Policy Object Editor is displayed.
- In the configuration options sidebar, expand Computer Configuration > Windows Settings > Security Settings > Public Key Policies, right-click Trusted Root Certification Authorities, and select Import.
- In the Certificate Import wizard, click Next, and in the File to Import page, click Browse. Navigate to where you downloaded the certificate authority on your local system, and double-click the Cisco_Secure_Access_Root_CA.cer file.
- With the full path to the certificate displayed in the File name field, click Next.
- Accept the default option, place all certificates in the following store (Trusted Root Certification Authorities), click Next, and then click Finish and OK.
You have now created the Group Policy Object to install the Cisco Secure Access root certificate on all of the computers in your domain. The new policy may not take effect immediately on all client machines. By default, the background synchronization processing happens every 90 to 120 minutes at randomized times. Rebooting client machines forces the synchronization.
You can check that the Group Policy has propagated to all computers in the domain by opening your browser on a workstation, opening Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities, and ensuring that the Cisco Secure Access root certificate is present.