To enable for example smart card login, the clients in the domain must trust the certificate authority (CA). That is done by creating a group policy object (GPO).

This article describes one of several ways to create a GPO and add the CA certificates there.

The following prerequisites apply:

A user with rights to create a GPO must be available.

Step-by-step instruction

To create a group policy object (GPO):

Start the Group Policy Management.
Create a group policy object (GPO).
In this example we called this Nexus PKI. Normally this GPO should affect all computers in the domain, so the default security group “Authenticated Users” that holds both computers and users.

To add the CA certificates in the group policy object (GPO):

Edit the GPO and browse to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies.
Import the Root CA to Trusted Root Certification Authorities
Import the Sub CA to Intermediate Certification Authorities

Nexus Documentation

Publish CA certificates to clients

Step-by-step instruction