To add a trusted root certification authority to a Group Policy object
Log on to a domain for which you have administrative privileges to manage the Group Policy object that you want to change.
Open the Group Policy object that you want to edit.
In the console tree, click Trusted Root Certification Authorities.
Policy Object Name > Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities
On the Action menu, point to All Tasks, and then click Import. This starts the Certificate Import Wizard, which guides you through the process of importing a root certificate and installing it as a trusted root certification authority (CA) for this Group Policy object.
To open a Group Policy object, see Related Topics.
To use this procedure, you must have administrative privileges for the Group Policy object.
This procedure does not apply to Local Policy objects.
You can import a trusted root certificate from a PKCS #12 file (.pfx, .p12), a PKCS #7 file (.spc, .p7b), a certificate file (.cer, .crt), or a Microsoft serialized certificate store file (.sst).