Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Where to store server certificate after import
New Posts  All Forums:Forum Nav:

Where to store server certificate after import

post #1 of 7
Thread Starter 
Hi,

I'm currently deploying a certificate for our WSUS and I was wondering where do you store the certificate once you have imported it in the GPO. Are there any recommended settings for that?

My google search didn't return anything.

Thanks,

Jp

edit: it's a self signed certificate
Edited by jp777cmoe - 12/11/12 at 11:50am
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
post #2 of 7
It's loaded into IIS under administrative tools.


Here's a helpful guide:

http://www.windowsecurity.com/articles/applying-certificates-wsus-server.html


Straight from Microsoft (though it's server 2003) most of it remains the same: http://technet.microsoft.com/en-us/library/cc708467(v=ws.10).aspx


I personally would just pull straight http from it.
Edited by wgman003 - 12/11/12 at 11:59am
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
post #3 of 7
Thread Starter 
I already did the IIS stuff and it went well.

Now I have to deploy this certificate on my domain controller by GPO
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
post #4 of 7
Gotcha. Well two ways of doing it. You can have an internal certificate authority so people don't get blasted by the error in their browsers.


Or

Your issue:

http://www.tcpdump.com/kb/os/windows/certificate-deployment-using-gpo/certificate-export.html




Edit: Actually a 3rd way too is to purchase the certificate from an external authority (like register.com or GoDaddy.com)
Edited by wgman003 - 12/11/12 at 12:30pm
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
post #5 of 7
Thread Starter 
We don't have a CA in our network. I'm looking to publish it by the domain controller by GPO. The second option is not viable because I'm not going on every computer to install it.

Third option: I might get a certificate from startssl but not sure yet tongue.gif

Thanks,
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
post #6 of 7
Thread Starter 
I managed to publish the certificate using
http://technet.microsoft.com/en-us/library/cc770315(v=ws.10).aspx

The certificate has to be in Trusted Root Certification Authorities for it to work
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
my rig
(14 items)
 
  
CPUMotherboardGraphicsRAM
e8400 @ 3.0 ghz stock gigabyte ep45-ud3r Gigabyte 660 GTX TI 2Gb OCZ Blade ddr2 memory 4Gb 
Hard DriveOptical DriveOSMonitor
Intel 520 120Gbs & Seagate 320 Gb 3.0Gb/s Pioneer DVD-RW DVR-111D Windows 7 Pro x64 Samsung 2233rz 
KeyboardPowerCaseMouse
Microsoft USB  Corsair TX650w Cooler Master 690 Intellimouse Explorer 3.0 
Mouse PadAudio
QcK+ Creative Xtreme Gamer 
  hide details  
Reply
post #7 of 7
In option 2 I think this was pushing the GPO from the DC and not manually going to every machine.

At least, that's how I read it.
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Where to store server certificate after import