Domain Controller:
The position of trust to the AirID Virtual CA is established by importing the Trial CA certificate at two points. Firstly, this must be imported as a Root CA, secondly, it must be installed in the NT Auth Store. In the future, both steps can be performed by the AirID Virtual help program. In the following the description for the manual process:
// Change to the directory where the certificate files provided by APIIDA are located: cd C:\path\to\the\certificates // Import certificate as Root Certification Authority: certutil -dspublish -f <TENANT>_Trial_IssuingCA.crt RootCA // Import certificate as NTAuthCA: certutil -dspublish -f <TENANT>_Trial_IssuingCA.crt NTAuthCA
In general, these calls should be sufficient. In some cases, we have already observed that the NTAuth cache in the registry was not automatically updated. To force this, the following command can be used:
// Change to the directory where the certificate files provided by APIIDA are located: cd C:\path\to\the\certificates certutil -addstore -enterprise NTAuth <TENANT>_Trial_IssuingCA.crt
Client:
The Trial CA certificates must be installed on the client computers using GPO. Just once in the computer store "Trusted Root Certification Authorities".
Guide to enroll the certificate via GPO: