Making internal passbolt server certificate show secure

Here’s a doozy… I’m lost and can’t find my way. I need to make the internal, Windows domain-joined passbolt server trusted on our domain for all workstations on the domain.

I know that I need to import a .cer or .crt via certmgr.msc or certlm.msc under “Trusted Root Certification Authorities”. (Right-click, then use “All tasks → Import”.)

I know I can do this with a group policy that I can create in Group Policy Management.

So assuming the above final steps go OK…

  1. I create a CSR from the .key (Thinking this is just incorrect since step 2 doesn't work)
    openssl req -new -key …/passbolt.FQDNSECRET.key -out passbolt.FQDNSECRET.csr

  2. Use the CSR file to generate a trusted certificate using … Certificate Authority? (Got an error here.) Then I magically have a CER or CRT file

  3. I import the .crt or .cer into certlm or certmgr to test it out locally on my workstation… and then create GPO to distribute it to all the workstations on the network.

Does anyone know how to get me from Step 2 to Step 3? The documentation around PKI and Windows certificate management is harsh.

Hi @pasbbolting, if you haven’t seen this page yet, it might be useful: Passbolt Help | Troubleshoot SSL
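
The CSR-to-certificate path asked about in steps 1 to 3 of the question, as an added example that is not part of either post: a throwaway OpenSSL CA (an assumption, since the thread names no CA product) signs the CSR, and the result is verified against the CA certificate. The host name, CA subject and file names are constructed placeholders, and a fresh key stands in for the real passbolt key.

```bash
#!/usr/bin/env bash
# Added example. Every name here (CA subject, host name, file names) is a
# constructed placeholder, not a value from the thread.
set -eu
FQDN="passbolt.example.internal"

write_config() {  # $1 = dir; minimal config so the system openssl.cnf is not needed
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$FQDN
EOF
}

issue_cert() {  # $1 = dir; leaves ca.crt, server.key, server.csr, server.crt there
  d="$1"; write_config "$d"
  # Internal root CA: this certificate is what clients must trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$d/pki.cnf" \
    -extensions v3_ca -subj "/CN=Example Internal Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Step 1 from the question: key + CSR (a fresh key stands in for the real one).
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj "/CN=$FQDN" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  # Step 2: the CA signs the CSR. The SAN comes from -extfile; browsers match
  # the host name against the SAN, not the CN.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$d/pki.cnf" \
    -extensions v3_srv -out "$d/server.crt" 2>/dev/null
}

chain_ok() {  # $1 = dir, $2 = host name; exit 0 only if server.crt chains to ca.crt
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

work="$(mktemp -d)"
issue_cert "$work"
chain_ok "$work" "$FQDN" && echo "server.crt verifies against ca.crt for $FQDN"
```

In this layout the file that belongs in "Trusted Root Certification Authorities" (step 3) is `ca.crt`, the CA's certificate; `server.crt` and `server.key` stay on the passbolt server, and `ca.key` should not leave the CA host.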