If you use an intermediate certification authority (CA) to issue smart card login or domain controller certificates, you must add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory.
- On the Active Directory server, navigate to the Group Policy Management plug-in.
Right-click your domain and click Properties.
On the Group Policy tab, click Open to open the Group Policy Management plug-in.
Right-click Default Domain Policy, and click Edit.
Expand your domain, right-click Default Domain Policy, and click Edit.
- Expand the Computer Configuration section and open the policy for Windows Settings\Security Settings\Public Key.
- Right-click Intermediate Certification Authorities and select Import.
- Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK.
- Close the Group Policy window.
All of the systems in the domain now have a copy of the intermediate certificate in their intermediate certification authority store.