Skip to main content

 

Druva Documentation

How to add the CA certificate as a trusted root authority on a Windows device

This article applies to:

  • OS: All supported Windows versions
  • Product edition: inSync On-Premise

Overview

In scenarios where your environment does not have the updated CA certificate in trusted root authority, primarily in case of Internal CA environments, SSL certificate chain may break resulting in SSL warnings. This also leads to inSync activation failures. To fix this, you can push the CA root certificate as a trusted root authority using group policy across the domain.

If you are using Active Directory, your best bet is to utilize a Group Policy so that all the systems in your organization can trust certificates from the Certificate Authority.

Utilize Group Policy to configure Windows devices to trust the CA

  1. Copy the certificate to your domain controller.
  2. Go to the Control Panel > open Administrative Tools > open Group Policy Management.

    ControlPanel.png
  3. Right-click your domain and select Create A GPO In This Domain And Link It Here.

    ProvideGPO.png
  4. Enter a name for the Group Policy Object, such as CA certificate, and click OK.
  5. Right-click the new GPO and click Edit.
  6. Expand Policies > Windows Settings > Security Settings > Public Key Policies.
  7. Right-click Trusted Root Certification Authorities and select Import.

    TrustedRCA.png
  8. Click Next and Browse to select the CA certificate you copied to the device.

    CAcertDisplay.png
  9. Click Finish and then OK. The certificate is displayed on the right.
    This enables the client devices to trust the Certificate Authority.