Certificate SecurityAppliance_SSL_CA GPO Windows Server 2012

 

 Hello,

 

I want to ask, how can I publish SecurityAppliance_SSL_CA download from Firewall certificate to all users from AD (Windows Server 2012).

I dont want install this certificate on every device standalone.

I can download the certificate from firewall. I follow the instruction of this website. support.securly.com/ , community.sophos.com and how-to-deploy-certificate-by-using-group-policy 

But my client computer does not install the certificate. Can you help me?

Thanks,

  • Hi  

    When you push it out using Group Policy Management, do you see any errors there? Further, do you not find the issue with all the devices or specific ones?

  • Yan,

    can you share the GPO settings?

    Thanks

  • In reply to Jaydeep:

    Dear Jaydeep,

     

    I test two device has follow result:

    Client A:

    C:\Users\xxx>gpresult /r

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    © 2019 Microsoft Corporation. All rights reserved.

    Created on ‎15/‎11/‎2019 at 8:19:12


    RSOP data for xxx\xxx on xxx : Logging Mode
    -------------------------------------------------

    OS Configuration: Member Workstation
    OS Version: 10.0.18363
    Site Name: N/A
    Roaming Profile: N/A
    Local Profile: C:\Users\xxx
    Connected over a slow link?: No


    USER SETTINGS
    --------------
    CN=xxx,OU=TSS,OU=xxx,DC=xx,DC=xxx,DC=xx
    Last time Group Policy was applied: 15/11/2019 at 8:18:51
    Group Policy was applied from: xxx.xx.xxx.xx
    Group Policy slow link threshold: 500 kbps
    Domain Name: xxxxx
    Domain Type: Windows 2008 or later

    Applied Group Policy Objects
    -----------------------------
    TSS
    Default Domain Policy
    Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Sophos Certificate
    Filtering: Not Applied (Unknown Reason)

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    S1 & S2 LEPW
    photo
    School building and environment
    PTA cruise coral
    Authentication authority asserted identity
    Medium Mandatory Level

     

     

    Client B:

    C:\Users\xxx>gpresult /r

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    © 2019 Microsoft Corporation. All rights reserved.

    Created on ‎15/‎11/‎2019 at 8:19:12


    RSOP data for xxx\xxx on xxx : Logging Mode
    -------------------------------------------------

    OS Configuration: Member Workstation
    OS Version: 10.0.18363
    Site Name: N/A
    Roaming Profile: N/A
    Local Profile: C:\Users\xxx
    Connected over a slow link?: No


    USER SETTINGS
    --------------
    CN=xxx,OU=TSS,OU=xxx,DC=xx,DC=xxx,DC=xx
    Last time Group Policy was applied: 15/11/2019 at 8:18:51
    Group Policy was applied from: xxx.xx.xxx.xx
    Group Policy slow link threshold: 500 kbps
    Domain Name: xxxxx
    Domain Type: Windows 2008 or later

    Applied Group Policy Objects
    -----------------------------
    TSS
    Default Domain Policy
    Local Group Policy

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Users
    Performance Log Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    S1 & S2 LEPW
    photo
    School building and environment
    PTA cruise coral
    Authentication authority asserted identity
    Medium Mandatory Level

     

    Thanks

     

    Yeung Yan Ting

  • In reply to lferrara:

    Dear ,

     

    Thank you for your reply,

    I download the file from firewall certificate page file is [SecurityAppliance_SSL_CA.pem],

    I rename the file extension to .cer:

    Then, create a new group policy object in the group policy management.

    After that, I link the object to specific group and user.

    This is my GPO setting!

     

    Yeung Yan Ting

  • In reply to lferrara:

    Running Group Policy Management on Windows Server 2012 standard

    Client is running Windows 10 Pro 64 bit (However this issue happened on multiple computers in the domain)

    This is an example of my results after running gpresult /R