• ActiveDirectory

English version below

Taken from: http://www.heise.de/security/news/foren/go.shtml?read=1&msg_id=7599485&forum_id=75362

Das Ganze wird per Group Policy Objects gemacht:

• GPO auf der entsprechenden OU der zu konfigurierenden Client-Computer öffnen

• Öffne: Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies --> Trusted Root Certification Authorities

• Rechter Mausklick auf 'Trusted Root Certification Authorities' --> import

• Das Zertifikat eurer Root-CA angeben
• GPO-Editor schliessen

• Active Directory auf alle DCs urgent replizieren (--> Admin fragen)

• GPOs auf Clients urgent aktualisieren (WinXP: 'gpupdate /force')

How to distribute the CAcert root certificate through ActiveDirectory onto all computers:

• The following will be done via Group Policy Objects:
• Open the Group Policy Objects of the Organisation-Unit of the client computers that should be configured

• Go to Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies --> Trusted Root Certification Authorities)

• Right-click on 'Trusted Root Certification Authorities' --> import

• Specify the certificate of the Root-CA.
• Close the Group Policy Editor.

• replicate the ActiveDirectory to all DCs urgently (--> ask your admin)

• Update Group Policy Objects on clients (WinXP: 'gpupdate /force')