Distribute Certificates to Client Computers by Using Group Policy

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

You can use the following procedure to push down the appropriate Secure Sockets Layer (SSL) certificates (or equivalent certificates that chain to a trusted root) for account federation servers, resource federation servers, and Web servers to each client computer in the account partner forest by using Group Policy.

Membership in Domain Admins or Enterprise Admins, or equivalent, in Active Directory Domain Services (AD DS) is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To distribute certificates to client computers by using Group Policy

  1. On a domain controller in the forest of the account partner organization, start the Group Policy Management snap-in.

  2. Find an existing Group Policy Object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.

  3. Right-click the GPO, and then click Edit.

  4. In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.

  5. On the Welcome to the Certificate Import Wizard page, click Next.

  6. On the File to Import page, type the path to the appropriate certificate files (for example, \\fs1\c$\fs1.cer), and then click Next.

  7. On the Certificate Store page, click Place all certificates in the following store, and then click Next.

  8. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.

  9. Repeat steps 2 through 6 to add additional certificates for each of the federation servers in the farm.
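
Because every certificate imported in step 4 becomes a trust anchor on each client the GPO applies to, it is worth checking the file before import and confirming delivery afterward. The following PowerShell is an added example, not part of the original procedure or Microsoft's own code; the function names are hypothetical, and the expected thumbprint is a placeholder you obtain out of band from the federation server's administrator.

```powershell
# Added example (not from the original procedure).
# Assumptions: function names are hypothetical; the thumbprint is a placeholder.
param(
    [string]$CertPath           = '\\fs1\c$\fs1.cer',                  # example path from step 6
    [string]$ExpectedThumbprint = '<THUMBPRINT-OBTAINED-OUT-OF-BAND>'  # placeholder
)

# Run before step 6: inspect the file that is about to be trusted forest-wide.
function Test-CertificateBeforeImport {
    param([string]$Path, [string]$Expected)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $now  = Get-Date

    [pscustomobject]@{
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        # -eq on strings is case-insensitive; strip spaces copied from the GUI.
        ThumbprintMatch = ($cert.Thumbprint -eq ($Expected -replace '\s', ''))
        WithinValidity  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    }
}

# Run on a client after "gpupdate /force": confirm the certificate arrived
# through Group Policy rather than through a manual local import.
function Test-CertificateDeliveredByPolicy {
    param([string]$Thumbprint)

    # Certificates pushed by GPO to Trusted Root Certification Authorities
    # are stored under this policy registry key, one subkey per thumbprint.
    $policyKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$Thumbprint"

    [pscustomobject]@{
        InPolicyStore = Test-Path -LiteralPath $policyKey
        InRootStore   = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$Thumbprint"
    }
}

$check = Test-CertificateBeforeImport -Path $CertPath -Expected $ExpectedThumbprint
$check | Format-List
if (-not ($check.ThumbprintMatch -and $check.WithinValidity)) {
    Write-Warning 'Do not import: thumbprint mismatch or certificate outside its validity period.'
}
```

On a client, `Test-CertificateDeliveredByPolicy -Thumbprint <value>` returning `InRootStore = True` with `InPolicyStore = False` indicates the certificate is trusted locally but was not delivered by the GPO.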