SSL – Installing SSL cert for all workstations in domain

ssl, windows-server-2012

We have a fax server only accessible internally on our network, say address 10.10.10.2. Many of our employees use this fax server daily, so I created a DNS entry with an easy name, like fax.company.com, and that works great. The fax server has the ability to communicate over SSL and has the ability to generate an SSL cert. I generated and then copied this SSL cert over to our domain controller, and added it to the Trusted Root Certificate Store following these instructions. However, when navigating to fax.company.com, users are still prompted with the browser warning of an untrusted connection. My end goal is to have our domain users navigate to fax.company.com and for the connection to be trusted, and thus the users are not presented with the browser warning.

I've been googling and researching and can't seem to find out exactly where to install this certificate to make it so when users navigate to fax.company.com, the browser will recognize this certificate and trust it, and thus not warn them. The domain controller runs Windows Server 2012. The fax server serves its own web interface, so IIS is not a factor in this situation (i.e. installing the cert in IIS shouldn't resolve this issue, as IIS on the domain controller isn't serving the content).

I haven't restarted the domain controller as I don't think that would be necessary…or is it? Maybe it's that simple? I've tried clearing cache and restarting my computer but I still receive the browser untrusted connection warning.

Any help would be much appreciated. Thanks!

Best Answer

Installing the certificate as a Trusted Root Certification Authority on the domain controller doesn't really do anything for the clients. They still don't have it in their stores.

You can distribute the certificate using a GPO as described in this TechNet article:

  • Click Start, point to Administrative Tools, and then click Group Policy Management.
  • In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.
  • Right-click the Default Domain Policy GPO, and then click Edit.
  • In the Group Policy Management Console (GPMC), go to Computer Configuration, Windows Settings, Security Settings, and then click Public Key Policies.
  • Right-click the Trusted Root Certification Authorities store.
  • Click Import and follow the steps in the Certificate Import Wizard to import the certificates.

If only a subset of your clients should trust the certificate, create a new GPO and target them alone.
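
One way to confirm on a workstation that the GPO described in the answer above has taken effect, as an added example that is not part of the original answer. The `.cer` path and the `Test-NameMatch` helper are assumptions made for illustration; `fax.company.com` is the name from the question.

```powershell
# Run in an elevated PowerShell session on a domain workstation.
param(
    [string]$CerPath  = 'C:\Temp\fax-server.cer',  # assumed path to the exported certificate
    [string]$HostName = 'fax.company.com'          # name users browse to (from the question)
)

# Pull the latest computer policy so the Public Key Policies setting is applied.
gpupdate /target:computer /force | Out-Null

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

# 1. Is the certificate in this machine's Trusted Root store?
$inRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

# 2. Which names does the certificate cover? SAN entries first, then the subject CN.
$names = @()
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    # Format() yields e.g. "DNS Name=fax.company.com, IP Address=10.10.10.2"
    $names += $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] }
}
$names += $cert.GetNameInfo('SimpleName', $false)

# Hypothetical helper: exact match, or a wildcard covering exactly one left-most label.
function Test-NameMatch([string]$Pattern, [string]$Name) {
    if ($Pattern.StartsWith('*.')) {
        $first, $rest = $Name -split '\.', 2
        return ('.' + $rest) -eq $Pattern.Substring(1)
    }
    return $Pattern -eq $Name   # -eq is case-insensitive for strings
}
$nameOk = @($names | Where-Object { $_ -and (Test-NameMatch $_ $HostName) }).Count -gt 0

# 3. Report. A browser warning persists if any of the checks below is False.
$now = Get-Date
[pscustomobject]@{
    Thumbprint         = $cert.Thumbprint
    InLocalMachineRoot = $inRoot
    SelfSigned         = $cert.Subject -eq $cert.Issuer
    CoversHostName     = $nameOk
    WithinValidity     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
}
```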