Local root CA certificate is missing in the Trust List

Question

Monday, March 2, 2020 4:01 PM

Hi,

Some of our workstations running Win 10 Pro v 1803 are missing the local root CA certificate in the Root CA Trust List. The consequence is that they are rejecting all certificates issued by our PKI and are not able to connect to services. The easy way to solve the issue is to install back the root CA certificate but we are not able to identify the cause.

Does anyone have an idea of what can cause the issue? Any help would be greatly appreciated.

Thanks.

All replies (3)

Tuesday, March 3, 2020 4:06 AM

Hello,
Thank you for posting in our TechNet forum.

To better understand our question, please confirm the following information:

  1. According to our description "Some of our workstations running Win 10 Pro v 1803 are missing the local root CA certificate in the Root CA Trust List.", so we have our internal PKI and CA, and these workstations are in the domain, is that right?

  2. Do we mean the root CA certificate in the Root CA Trust List on all the domain-joined machines or on only some machines we mentioned above is missing?

Meanwhile, if we have single-tier CA, we can add the root CA certificate into the Trusted Root Certification Authority container on the workstations by deploying the following group policy setting:

Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities\ right click Trusted Root Certification Authorities and select import the root certificate

Meanwhile, if we have two-tier CA, we can add the root CA certificate into the Trusted Root Certification Authority container on the workstations by deploying the following group policy setting:

Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities\ right click Trusted Root Certification Authorities and select import the root certificate

and 

Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Intermediate Certification Authorities\ right click Intermediate Certification Authorities and select import the intermediate CA certificate

If we add the root CA certificate to the Trusted Root Certification Authority container, will the root certificate be missing again? If so, we can try to check if we can see any event as below:

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
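
To narrow down how the root certificate reached a workstation (and therefore what could be removing it), the following added example, which is not part of the thread or of the reply above, reports which physical store behind Trusted Root Certification Authorities holds the certificate: local import, Group Policy, or Active Directory publication. The thumbprint is a placeholder to replace with your own root CA's value, and the registry paths are the standard Windows locations, not values given in the thread.

```powershell
# Added example: locate the root CA certificate in each physical store behind
# the logical "Trusted Root Certification Authorities" (Cert:\LocalMachine\Root).
param(
    # Placeholder: replace with the SHA-1 thumbprint of your own root CA certificate.
    [string]$Thumbprint = '<ROOT-CA-THUMBPRINT-PLACEHOLDER>'
)

# Thumbprints copied from the certificate dialog often contain spaces; normalise.
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()
if ($Thumbprint -notmatch '^[0-9A-F]{40}$') {
    throw "Supply the 40-hex-character thumbprint of the root CA certificate."
}

# Standard registry locations (assumption: default Windows layout).
$physicalStores = [ordered]@{
    'Local import (certmgr / certutil -addstore)' = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'
    'Group Policy (Public Key Policies)'          = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
    'Enterprise (published in Active Directory)'  = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates'
}

$report = foreach ($entry in $physicalStores.GetEnumerator()) {
    [pscustomobject]@{
        PhysicalStore = $entry.Key
        Present       = Test-Path -LiteralPath (Join-Path $entry.Value $Thumbprint)
    }
}
$report | Format-Table -AutoSize

# Logical view: what the chain-building engine actually trusts on this machine.
$cert = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $Thumbprint }

if ($cert) {
    "Trusted root present: $($cert.Subject), expires $($cert.NotAfter)"
} else {
    "Root CA $Thumbprint is NOT in Cert:\LocalMachine\Root on $env:COMPUTERNAME"
}
```

Comparing the output from a healthy workstation with one that has lost the certificate shows which delivery path is failing; a certificate present only under the Group Policy key depends on that policy continuing to apply to the machine.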


Thursday, March 5, 2020 2:54 AM

Hi,
Has this question had any update, or is this issue solved? Also, for the question, is there any other assistance we could provide?
Best Regards,
Daisy Zhou



Monday, March 9, 2020 1:33 AM

Hi,
 
I just want to confirm the current situation.
 
Please feel free to let us know if you need further assistance.
 
Best Regards,
Daisy Zhou
