Obtain Certificate from Active Directory Certificate Services

Now that the certificate is created, for the trust to work we need to take the certificate from the Certificate Services and import it into the local Certificate Authorities (Root) certificate store.

The default Certificate location is here: C:WindowsSystem32CertSrvCertEnroll, and it will have the file extension of .crt. In my lab example, my certificate is called AD.SC.LAB_SC LAB Root CA.crt.

Default Cert Location

Make a copy of the certificate in a central location, so that the other servers will have access to it, so that we can import it into the Trusted Root Certification Authorities folder.