On enrollment endpoints outside the Windows domain, import the certificate of the CA that will issue certificates for the enrollment service.

To import the root CA certificate on non-domain endpoints

  1. Log in to the non-domain endpoint.
  2. Open a Command Prompt window. Select Start > Windows System > Command Prompt.
  3. Enter the following command.

    certutil -addstore Root <cert_path>

    Where <cert_path> is the full path and file name of the CA certificate file.

  4. Open the Certificate Manager snap-in. Select Start > Run, then enter certlm.msc.
    The certlm dialog box appears.
  5. In the tree view, expand Certificates – Local Computer > Trusted Root Certification Authorities > Certificates.
  6. In the content pane, verify that the root CA certificate you imported appears in the list of trusted root CA certificates.
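
The same import and verification can be scripted with a fingerprint check before the certificate is trusted. This is an added example, not part of the original procedure. It assumes an elevated PowerShell session (writing to the machine Root store requires it), and `$ExpectedSha256` is a placeholder for the fingerprint you obtain out of band from the CA administrator.

```powershell
# Added example: the parameters are placeholders, not values from the documentation.
param(
    [Parameter(Mandatory)] [string] $CertPath,        # CA certificate file (<cert_path> in step 3)
    [Parameter(Mandatory)] [string] $ExpectedSha256   # fingerprint obtained out of band (assumption)
)
$ErrorActionPreference = 'Stop'

# Load the file without touching any certificate store.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

# SHA-256 over the DER encoding, compared after stripping separators and case.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
$sha.Dispose()
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch: file has $actual. Nothing was imported."
}

# A root CA certificate is self-issued and marked as a CA in basic constraints.
# This check assumes an X.509 v3 certificate that carries the extension.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($cert.Subject -ne $cert.Issuer) { throw "Not self-issued: issuer is '$($cert.Issuer)'." }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Basic constraints do not mark this certificate as a CA.'
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Equivalent of: certutil -addstore Root <cert_path>
Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Equivalent of steps 4-6: confirm the certificate is in the machine's trusted root store.
$stored = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $stored) {
    throw 'Import reported success but the certificate is not in LocalMachine\Root.'
}
$stored | Select-Object Subject, Thumbprint, NotAfter
```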