How to deploy Root Certificate of Web Safety using Group Policy?

Web Safety is running integrated with Microsoft Active Directory. How to we deploy Root CA certificate of Web Safety to all domain-joined computers in our network?

In order to deploy Root CA certificate for HTTPS filtering to all domain-joined computers you would need to do the following.

First, download the myca.der certificate from Web Safety UI as shown on the following screenshot.


On your domain controller, start the Group Policy Management addin.


In Group Policy Management, expand Forest / Domains / Your domain / Group Policy Objects / Default Domain Policy. Right click on it and choose Edit as shown on the following screenshot.


In appeared Group Policy Management editor addin, select Policies / Window Settings / Security Settings / Public Key Policies / Trusted Root Certification Authorities, right click on the right pane and select Import as shown on the following screenshot.


A certificate import wizard appears. Click it through, selecting the certificate you downloaded previously and ensuring the certificate goes to Trusted Root Certification Authorities store.


Note: the certificate downloaded from Web Safety ends with DER and not CER as usual, but that is absolutely fine and does not matter for the system, just do not forget to select Show All Files in file browsing dialog when uploading.


The certificate will be added to Trusted Root Certification Authorities store automatically.


After certificate import wizard finishes you will see your certificate in the list.


Good now the domain policy shall be applied to your domain-joined computers after reboot (logoff/logon). To ensure it is indeed applied you might need to run gpupdate /force on every desktop.