Skip to main content



How can we help you?


Druva Documentation

How to add the CA certificate as a trusted root authority on a Windows device

Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.

This article applies to:

  • OS: All supported Windows versions
  • Product edition: inSync On-Premise


In scenarios where your environment does not have the updated CA certificate in trusted root authority, primarily in case of Internal CA environments, SSL certificate chain may break resulting in SSL warnings. This also leads to inSync activation failures. To fix this, you can push the CA root certificate as a trusted root authority using group policy across the domain.

If you are using Active Directory, your best bet is to utilize a Group Policy so that all the systems in your organization can trust certificates from the Certificate Authority.

Utilize Group Policy to configure Windows devices to trust the CA

  1. Copy the certificate to your domain controller.
  2. Go to the Control Panel > open Administrative Tools > open Group Policy Management.

  3. Right-click your domain and select Create A GPO In This Domain And Link It Here.

  4. Enter a name for the Group Policy Object, such as CA certificate, and click OK.
  5. Right-click the new GPO and click Edit.
  6. Expand Policies > Windows Settings > Security Settings > Public Key Policies.
  7. Right-click Trusted Root Certification Authorities and select Import.

  8. Click Next and Browse to select the CA certificate you copied to the device.

  9. Click Finish and then OK. The certificate is displayed on the right.
    This enables the client devices to trust the Certificate Authority.