The purpose of this document is to create a Group Policy to trust the Practice Protect (Centrify) SSL.
The instruction below is to be done by an IT administrator on the on-permise environment as well as an Admin in Practice Protect.
- Access to PPO Admin Portal
- Administrator access to the domain controller (Domain Admin)
1. Login to the Domain Controller.
2. Open a browser and login to Practice Protect.
3. Click on the Name on the upper right corner then Switch to Admin Portal.
4. Go to Settings > Network > Centrify Connectors. Click on the Connector (i.e. CBPDC) – This is the domain controller where you installed the connector.
5. On Centrify Connector Configuration, select IWA Service. Click on Download your IWA root CA certificate. This downloads the root certificate.
6. Take note of the exact location of the download and filename if the root certificate (IwaTrustRoot.cer).
7. Go to Start > Run > Type gpmc.msc to open Group Policy Management Console > Click OK.
8. In Group Policy Management Console, go to Group Policy Object > right click and select New to create the policy.
9. Name the Group Policy i.e Trust PPO Certificate and click OK.
10. Right click the newly created GPO (i.e. Trust PPO Certificate) and select Edit. This opens the Group Policy Management Editor and allows you to edit the policy.
11. In Group Policy Management Editor page go to Computer Configuration > Polices > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certication Authorities. Right click and select Import…
12. Follow the Import Wizard. Click Next.
13. Click Browse on the next page and select the certificate that was downloaded earlier.
14. Click Next.
15. On Completing the Certificate Import Wizard page, click Finish.
16. Click OK.
17. The imported certificate will now show on the right pane.
18. In Group Policy Management Editor page go to Computer Configuration > Polices > Windows Settings > Security Settings > Public Key Policies > Trusted Publishers. Right click and select Import…
19. Follow steps 12 -17 to import the same certificate on Trusted Publishers.
20. Close the Group Policy Management Editor. You are now ready to Link this GPO to your organization or specific OU.
21. In Group Policy Management Console, right click on a specifc OU where you want to apply the policy. On this example We will apply this to the whole organization or domain (cbpaccountants.com).
22. On Select GPO, select the newly created GPO (i.e. Trust PPO Certificate) then click OK.
23. This completes the process of Trusting the PPO (Centrify) SSL on your domain.