You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Domain Controller:

The position of trust to the AirID Virtual CA is established by importing the Trial CA certificate at two points. Firstly, this must be imported as a Root CA, secondly, it must be installed in the NT Auth Store. In the future, both steps can be performed by the AirID Virtual help program. In the following the description for the manual process:

// Change to the directory where the certificate files provided by AirID Virtual are located:
cd C:\path\to\the\certificates
 
// Import certificate as Root Certification Authority:
certutil -dspublish -f <TENANT>_Trial_IssuingCA.crt RootCA

// Import certificate as NTAuthCA:
certutil -dspublish -f <TENANT>_Trial_IssuingCA.crt NTAuthCA

In general, these calls should be sufficient. In some cases, we have already observed that the NTAuth cache in the registry was not automatically updated. To force this, the following command can be used:

// Change to the directory where the certificate files provided by AirID Virtual are located:
cd C:\path\to\the\certificates

certutil -addstore -enterprise NTAuth <TENANT>_Trial_IssuingCA.crt


Client:

The Trial CA certificates must be installed on the client computers using GPO. Just once in the computer store "Trusted Root Certification Authorities".

Guide to enroll the certificate via GPO:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy


  • No labels