Policies to establish trust of root certification authorities
When a client presents a certificate to a host, the host has to trust the certificate of the root certification authority (CA) in the certification path to accept the certificate as a valid credential. You might want to establish trust automatically in specific root CAs for groups of users or computers.
You can use Public Key Policies in Group Policy to establish common trusted root CAs for the users and computers that are associated with a Group Policy object When you apply the Group Policy object to a site, domain, or organizational unit, the policy is inherited by the corresponding computers. These computers then trust the root CAs whose certificates you have imported into the trusted root certification authority policy.
You have the option of designating trusted CAs by using either the trusted root certification authority policy or the enterprise trust policy. Use the following guidelines in determining which policy to use:
For more information, see: