1. Click Start | Server Manager and open Features | Group Policy Management |
Forest | Domains | domain name | Group Policy Objects, as shown in Figure 15-4.
2. Right-click Default Domain Policy and click Edit. The Group Policy
Management Editor window opens.
3. In the left pane, open Computer Configuration | Windows Settings | Security
Settings | Public Key Policies, and click Enterprise Trust. Click the Action menu
and click New | Certificate Trust List. The Certificate Trust List Wizard opens.
4. Click Next. If you so choose, enter an identifying prefix for the CTL, enter the
months and/or days that it is valid, select the purposes of the CTL, and click
Next.
Figure 15-4. A certificate trust list can be maintained in a group policy object (GPO).
535 Chapter 15: Controlling Windows Server 2008 Security
5. In the Certificates In The CTL dialog box, click Add From Store. The Select
Certificate dialog box opens, in which you can select those certificates whose
issuers you want to include in the CTL. Early in the list, you will find the
certificates that your new CA issued as you followed the steps earlier in this
chapter.
6. Double-click one of the certificates you created. When it opens, you may find
that it is not trusted, even though it was created on the same computer. You are
told that it must be added to the CTL to be trusted.
7. Select the certificates whose issuers you want on the CTL, holding down CTRL
while selecting more than one certificate.
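
The trust state you see in step 6 can also be checked from PowerShell for every certificate in a store at once, which is useful for confirming the result after the GPO has been applied. The script below is an added example, not part of the original text; the store path is an assumption, so point it at the store that holds the certificates your CA issued.

```powershell
# Added example: report the chain-trust status of each certificate in a store.
# Assumption: Cert:\LocalMachine\My is a placeholder for the store you want to audit.
param(
    [string]$StorePath = 'Cert:\LocalMachine\My'
)

function Get-CertTrustStatus {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Judge trust from what is installed locally; skip online revocation lookups.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    # Build() returns $false when the chain does not end in a trusted issuer.
    $trusted = $chain.Build($Certificate)

    # ChainStatus is empty for a clean chain. Otherwise it carries flags such as
    # UntrustedRoot, NotTimeValid, or the Ctl* flags (CtlNotTimeValid,
    # CtlNotSignatureValid, CtlNotValidForUsage) that point at a CTL problem.
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $status = 'NoError'
    if ($flags.Count -gt 0) { $status = $flags -join ', ' }

    New-Object PSObject -Property @{
        Trusted    = $trusted
        Status     = $status
        Issuer     = $Certificate.Issuer
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
    }
}

Get-ChildItem -Path $StorePath |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object { Get-CertTrustStatus -Certificate $_ } |
    Sort-Object Trusted, Issuer |
    Format-Table Trusted, Status, Issuer, Subject, NotAfter -AutoSize
```

Run it before and after the policy refresh and compare the Trusted and Status columns for the certificates issued by your CA.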