共用方式為


Using enterprise trust policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using enterprise trust policy

You can assign a certificate trust list (CTL) to a Group Policy object (GPO) either by creating a new CTL or by importing an existing one. If you are creating a new CTL, you must sign the CTL with a certificate issued for this purpose by a certification authority (CA).

Creating a CTL also requires:

  • The root certificates that you want to include in the CTL.

  • The purposes for which you want to trust the root certificates in the CTL.

For more information, see Enterprise trust policy, Create a certificate trust list for a Group Policy object, Edit a certificate trust list for a Group Policy object, and Delete a certificate trust list for a Group Policy object.