
custom certificate for end users with ADCS

Hello there,
I need to know how I can prevent my users from facing HTTPS errors in their browsers when reaching the authentication or blocked-URL pages, without importing any certificate at the user end? How can I secure such pages with ADCS?

Thanks in advance,



This thread was automatically locked due to age.
  • If your users don't surf the web with Chrome, you might be able to just use your default domain root certificate, which is already trusted by your domain-joined PCs.

    If you have Chrome in your environment, a few updates ago they put in the requirement of certificates needing the subject alternative name. There are methods to get your ADCS to be able to generate these types of certs, but I don't recommend mucking with ADCS just for this.

    All you can do is generate the certificate on the UTM and push it out with group policy to the trusted root certificate store. This will ensure it's trusted by your PCs and they will not get a certificate error if you have HTTPS scanning enabled.

    Unless this isn't at all what you're asking, then I'm just confused by your question :-)
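
A client-side check for the two conditions the reply above describes, a subject alternative name on the certificate and a chain ending in a root the PC already trusts. This is an added example, not part of the original thread; the script parameters, the function name `Test-PortalCertificate` and the output property names are hypothetical.

```powershell
# Added example (not from the thread). Run on a domain-joined client against an
# exported copy of the certificate the browser is shown.
param(
    [Parameter(Mandatory)] [string] $CertPath,      # hypothetical: path to an exported .cer/.crt
    [Parameter(Mandatory)] [string] $ExpectedName   # hypothetical: host name the users browse to
)

function Test-PortalCertificate {
    param([string] $Path, [string] $DnsName)

    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)

    # subjectAltName is X.509 extension OID 2.5.29.17
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

    # Exact-entry match inside the formatted SAN text. Wildcard entries are
    # not evaluated here; they are only shown in SanEntries.
    $pattern   = '(?i)(^|[=:\s,])' + [regex]::Escape($DnsName) + '($|[\s,])'
    $nameInSan = [bool]$sanExt -and ($sanText -match $pattern)

    # Build the chain against the local stores. This succeeds only if the
    # issuing root is already trusted on this PC (for example via group policy).
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        HasSan       = [bool]$sanExt
        SanEntries   = $sanText
        NameInSan    = $nameInSan
        ChainTrusted = $trusted
        ChainStatus  = $status      # empty when the chain builds cleanly
    }
}

Test-PortalCertificate -Path $CertPath -DnsName $ExpectedName | Format-List
```

`HasSan` or `NameInSan` being false corresponds to the Chrome error the reply mentions; `ChainTrusted` being false means the issuing root has not reached this PC's trusted root store.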
