Reference Material | Installing the self-signed SSL certificate

If you configured the Specops Password Reset web server to use a self-signed SSL certificate, users will receive a warning when visiting the web server. To prevent this error, you can use GPOs to install a self-signed certificate to Trusted Root Certification Authorities.

Note: It is not recommended to use a self-signed server authentication certificate in a production environment.

  1. Open Microsoft Management Console.
  2. Select File, and click Add/Remove Snap-in…
  3. Select the Certificates snap-in, and click Add.
  4. Select Computer account, and click Next.
  5. Select Local computer, and click Finish.
  6. Click OK.
  7. In the left pane, expand Certificates (Local Computer).
  8. Expand the Personal node, and click Certificates.
  9. Right-click on the newly created certificate, select All Tasks, and click Export…
  10. The Certificate Export Wizard will open. Click Next to continue.
  11. Verify No, do not export the private key is selected, and click Next.
  12. Verify DER encoded binary is selected, and click Next.
  13. Specify a file name with .CER extension, and click Next.
  14. Click Next.
  15. Click Finish.

Deploy the certificate using GPOs

  1. Open Group Policy Management Console.
  2. Select a GPO that affects all computers that will be used with Specops Password Reset.
  3. Right-click on the GPO, and click Edit…
  4. Browse to Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.
  5. Right-click Trusted Root Certification Authorities, and select Import.
  6. The Certificate Import Wizard will open. Click Next to continue.
  7. Click Browse… to select the file that was previously exported, and click Open.
  8. Click Next.
  9. Ensure that certificate is placed in the Trusted Root Certification Authorities store is selected, and click Next.
  10. Click Finish.

The settings will be applied to all affected computers during the next Group Policy refresh interval.