Installing the self-signed SSL certificate
If you configured the Specops Password Reset web server to use a self-signed SSL certificate, users will receive a warning when visiting the web server. To prevent this warning, you can use GPOs to install the self-signed certificate in the Trusted Root Certification Authorities store.
Note
It is not recommended to use a self-signed server authentication certificate in a production environment.
- Open Microsoft Management Console.
- Select File, and click Add/Remove Snap-in…
- Select the Certificates snap-in, and click Add.
- Select Computer account, and click Next.
- Select Local computer, and click Finish.
- Click OK.
- In the left pane, expand Certificates (Local Computer).
- Expand the Personal node, and click Certificates.
- Right-click on the newly created certificate, select All Tasks, and click Export…
- The Certificate Export Wizard will open. Click Next to continue.
- Verify No, do not export the private key is selected, and click Next.
- Verify DER encoded binary is selected, and click Next.
- Specify a file name with .CER extension, and click Next.
- Click Next.
- Click Finish.
Deploy the certificate using GPOs
- Open Group Policy Management Console.
- Select a GPO that affects all computers that will be used with Specops Password Reset.
- Right-click on the GPO, and click Edit…
- Browse to Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies.
- Right-click Trusted Root Certification Authorities, and select Import.
- The Certificate Import Wizard will open. Click Next to continue.
- Click Browse… to select the file that was previously exported, and click Open.
- Click Next.
- Ensure that the option to place the certificate in the Trusted Root Certification Authorities store is selected, and click Next.
- Click Finish.
The settings will be applied to all affected computers during the next Group Policy refresh interval.
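The following PowerShell sketch is an added example, not part of the original procedure or vendor tooling. It inspects the exported .CER file before you import it into the GPO (no private key, self-signed, not expired, usable for server authentication) and then confirms on a client that the same thumbprint is present in the Trusted Root store after the Group Policy refresh. The file path and the function names are assumptions made for illustration.

```powershell
# Added example: checks around the export and GPO deployment steps above.
$CerPath       = 'C:\Temp\spr-selfsigned.cer'   # hypothetical export location
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'            # Server Authentication EKU

function Test-ExportedCertificate {
    param([Parameter(Mandatory)][string]$Path)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)

    # Collect EKU OIDs. A certificate with no EKU extension is valid for all purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Thumbprint   = $cert.Thumbprint
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        NoPrivateKey = -not $cert.HasPrivateKey            # only the public part belongs in a GPO
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)    # matches the scenario on this page
        NotExpired   = ($cert.NotAfter -gt (Get-Date))
        ServerAuth   = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $ServerAuthOid)
    }
}

function Test-RootStoreDeployment {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # True when a certificate with this thumbprint is in the computer's Trusted Root store.
    [bool](Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $Thumbprint })
}

# Before importing into the GPO: review what you are about to trust domain-wide.
$report = Test-ExportedCertificate -Path $CerPath
$report | Format-List
if (-not $report.NoPrivateKey) {
    Write-Warning 'The file carries a private key; export again without it.'
}

# On a client, after the Group Policy refresh (or gpupdate):
if (Test-RootStoreDeployment -Thumbprint $report.Thumbprint) {
    Write-Output "Certificate $($report.Thumbprint) is trusted on $env:COMPUTERNAME."
} else {
    Write-Warning 'Certificate not found in Trusted Root Certification Authorities yet.'
}
```

Record the thumbprint from the first check and compare it on clients, so that the certificate trusted through the GPO is exactly the one exported from the web server.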