We have a problem with a specific website which our staff need to access via Internet Explorer on our Citrix server (running Win2K3).
When connecting via SSL (a requirement), the site is inaccessible because the certificate issuer's certificate is not in the Trusted Root Certification Authorities.
If I manually import the certificate chain (exported my PC), it works, but I'd rather not do that for each user: Is there a way I can import the certificate for all users?
I found this MS KB article which details importing certificates in to the Local Computer store to resolve a different issue; would that apply here?
Importing the certificate into the machine's Trusted Root Certificate store will resolve your issue. It's not necessary for the CA to be trusted by each user. If the machine trusts the CA then the users will "inherit" that trust automatically.
The procedure in that KB article is basically correct. Be sure to choose the computer when adding the Certificates snap-in and the "Trusted Root Certificate Authorities" when choosing the store to place the certificate into.
Why not deploy the certificate via Group Policy? This link can guide you on how to do this.