In first Section we will see how to install the root certificate on client machines using Active directory. In Second section we will see how we can install root cert manually.
In order to use any certificate, we need the signing authority of that certificate in the Certificate Trust List i.e. CTL on client machine. For Cisco based clients and the native Windows clients, Wireless Zero Configuration WZC clients works fine. In organization running Windows AD i.e.Active Directory, there is a way of globally inserting a Root Certificate in to the CTL of all users within the AD. If we doesn't use Active Directory then we need to go to second section for Manual Root Certificate installation.
Login as a Domain Administrator and go to group policy under "Active Directory Users and Groups".Normally the Root Certificate to be deployed to the entire domain, but you can limit the deployment to a certain Organizational Unit that contain a certain class of users. In this example we'll assume that deployment for the Root Certificate and Wireless PEAP Configuration in AD.
Right click on your domain --> click "Properties"as shown.
Click on the "Group Policy" Tab --> "New"and make a new policy called "PKI Policy" --> then click "Edit".
Under "Computer Configuration" --> right click on "TrustedRoot" --> click "Import".
Import the Self Signed Root Certificate and continue with "Next".
Once copied, "Root Certificate"to the C:\ directory of the machine--> you're editing the group policy on, type in the path and name and click "Next".
Click "Finish" and close all windows. Once complete the entire Active Directory will "trust" the new "Self Signed" certificate that is installed self-signed with the "Self-SSL" tool.
Manual Installation Procedure:-
In case we don't have AD, in that case we use Manual deployment the root certificate in user's Certificate Trust Lists (CTL). Also you need to distribute the "Root Certificate" either by posting it on an internal server/intranet etc. Distributing the certificate is safe as long as you didn't include the private key when you exported the certificate, but you might still want to keep the distribution of your root certificate internal.
Start by copying the Certificate Authority Certificate to clients Laptop, Desktop, or PDA by following the procedure.
Right click onthe file "MyuthServCert.cer" and click install Certificate.
Click "Next"on the welcome screen
Choose the second option and click "Browse
Click on "Show physical stores" and expand "Trusted Rood Certification Authorities" and select "Local Computer".
NOTE:- Check this particular instruction very carefully to put the cert inthe right place
Click OK, Next, and then Finish to complete.
Note that this same "Root Certificate" will works on all wireless clients. You simply need to download the "root certificate" and double tap on the file. It will prompt you to install it and click Yes or Ok and it is done.