If a View server certificate is signed by a CA that is not trusted by View Client computers and client computers that access View Administrator, you can configure all Windows client systems in a domain to trust the root and intermediate certificates. To do so, you must add the public key for the root certificate to the Trusted Root Certification Authorities group policy in Active Directory and add the root certificate to the Enterprise NTAuth store.

For example, you might have to take these steps if your organization uses an internal certificate service.

You do not have to take these steps if the Windows domain controller acts as the root CA, or if your certificates are signed by a well known CA. For well known CAs, the operating system venders preinstall the root certificate on client systems.

If your View server certificates are signed by a little-known intermediate CA, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory.

For View Clients that run on other operating systems and devices, see the following instructions for distributing root and intermediate certificates that users can install:

For View Client for Mac OS X, see Configure View Client for Mac OS X to Trust Root and Intermediate Certificates.

For View Client for iPad, see Configure View Client for iPad to Trust Root and Intermediate Certificates.

For View Client for Android, see documentation on the Google Web site, such as the Android 3.0 User's Guide

For View Client for Linux, see the Ubuntu documentation

Verify that the View server certificate was generated with a KeyLength value of 1024 or larger. View Client for Windows and View Client for Windows with Local Mode will not validate a certificate on a View server that was generated with a KeyLength under 1024, and the View Clients will fail to connect to View.

1

On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store.

For example: certutil -dspublish -f path_to_root_CA_cert NTAuthCA

2

On the Active Directory server, navigate to the Group Policy Management plug-in.

AD Version

Navigation Path

Windows 2003

a

Select Start > All Programs > Administrative Tools > Active Directory Users and Computers.

b

Right-click your domain and click Properties.

c

On the Group Policy tab, click Open to open the Group Policy Management plug-in.

d

Right-click Default Domain Policy, and click Edit.

Windows 2008

a

Select Start > Administrative Tools > Group Policy Management.

b

Expand your domain, right-click Default Domain Policy, and click Edit.

3

Expand the Computer Configuration section and go to Windows Settings > Security Settings > Public Key Policies.

4

Import the certificate.

Option

Description

Root certificate

a

Right-click Trusted Root Certification Authorities and select Import.

b

Follow the prompts in the wizard to import the root certificate (for example, rootCA.cer) and click OK.

Intermediate certificate

a

Right-click Intermediate Certification Authorities and select Import.

b

Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK.

5

Close the Group Policy window.

All systems in the domain now have certificate information in their trusted root certificate stores and intermediate certificate stores that allows them to trust the root and intermediate certificates.