Assign a certificate

There are several ways of assigning a certificate to an endpoint. One way is to assign it by using a Microsoft Group Policy, which is described in this section. If you want to use a different method, make sure that the certificate is stored in the local machine certificate store.

To assign a certificate by using Group Policy:

  1. Open Group Policy Management console (gpeditmc.msc).
  2. Create a new group policy object (GPO) to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit which contains the users you want to manage with the policy.
  3. Right-click the GPO, and then select Edit.

    Group Policy Management Editor opens, and displays the current contents of the policy object.

  4. In the navigation pane, open Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers.
  5. Click the Action menu, and then click Import.
  6. Follow the instructions in the Certificate Import Wizard to find and import the certificate.
  7. If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.