IE7 aggressively warns about certificate failure; we have some internal sites that run over HTTPS and thus need a valid cert. We appear to have an certificate authority on the intranet that can sign SSL certs, but we have a problem: how do we mass configure desktops to trust the internal CA?
Is it possible to deploy the internal CA cert locally, via GPO?
The certificate can be distributed by group policy.
From: http://unixwiz.net/techtips/deploy-webcert-gp.html
In the Group Policy Object Editor, navigate down to: Computer Configuration
On Debian there's the pyca package for running a CA, however for all it does you basically need to know how OpenSSL's underlying CA support works.
There's always the AD CA tool, however I've found that it's only good for limited uses, perhaps have a main CA using the more capable OpenSSL based tools, then create an interim CA for the Windows stuff?