> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Add TruU Cloud Trust Certificates Domain Controllers

> This next step will add TruU Cloud Trust certs to each domain controller. The Customer can use group policy or manually install the certificates on each domain controller.

## Update the Domain Controller GPO

1. Go to "Group Policy Management".
2. Edit the “Default Domain Controller Policy”.
   <img src="https://mintcdn.com/truu-2/jMF4bYA9yOA_2TKv/images/docs/37c75e019e3c5f510e127b86a19071cda821d385670d3f2b08614003c53ab94c-image.png?fit=max&auto=format&n=jMF4bYA9yOA_2TKv&q=85&s=a3b342a110c440a7de06e020052576d3" alt="" width="697" height="471" data-path="images/docs/37c75e019e3c5f510e127b86a19071cda821d385670d3f2b08614003c53ab94c-image.png" />
3. Go to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Public Key Policy".
   <img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/a1fff4214720160f54e9c11a62622a46fa55566e0fbcf46cc980ee6b62182053-image.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=a57c1c4d4bbcb43e7ba818b5df478b0d" alt="" width="691" height="583" data-path="images/docs/a1fff4214720160f54e9c11a62622a46fa55566e0fbcf46cc980ee6b62182053-image.png" />
4. Right Click on **Trusted Root Certification Authorities** and Click **Import**.
   <img src="https://mintcdn.com/truu-2/m22YLP0oXSNG0U3O/images/docs/704425ce9dd95313e723ec76e3289d6f3589fa314c018fe8131fccb2d62ea7dd-image.png?fit=max&auto=format&n=m22YLP0oXSNG0U3O&q=85&s=a08f9d2447bbdb92abbd54f3cbb830ea" alt="" width="415" height="355" data-path="images/docs/704425ce9dd95313e723ec76e3289d6f3589fa314c018fe8131fccb2d62ea7dd-image.png" />
5. Import the TruU Cloud CA Trust root certificate.
   <img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/a2e25c7d18835ec9384db217c4ec894072c564b67117c290816f1d6a57499a16-image.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=0f70cd929de5428b26935806042879cd" alt="" width="545" height="331" data-path="images/docs/a2e25c7d18835ec9384db217c4ec894072c564b67117c290816f1d6a57499a16-image.png" />
6. Right Click on **Intermediate Certification Authorities** and Click **Import**.
   <img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/ab5a8fb03a78fed2296d12c86a0a4733e2824632784c4d9b60a7bccf6be90804-image.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=0a6e236045f3d703a111ed0b9928a83d" alt="" width="373" height="384" data-path="images/docs/ab5a8fb03a78fed2296d12c86a0a4733e2824632784c4d9b60a7bccf6be90804-image.png" />
7. Import the Certificate Authority Chain.
   <img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/b3247674bea69f5a7408bbaee3c807c00ee55263d24ce74e48d1c91ede44212f-image.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=075f431ed1ec6fe3085d4a54d7a4cda7" alt="" width="502" height="495" data-path="images/docs/b3247674bea69f5a7408bbaee3c807c00ee55263d24ce74e48d1c91ede44212f-image.png" />

### Validation

1. Go to Domain Controller.
2. Open the command prompt as administrator and run *GPUPDATE /force.*
   <img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/10450e851f1121d3484ba68e3f2cc1d4e386267399e85d608cfd59211b76bfc8-image.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=8d29141c01be1ca2f3918dafabc6911d" alt="" width="988" height="209" data-path="images/docs/10450e851f1121d3484ba68e3f2cc1d4e386267399e85d608cfd59211b76bfc8-image.png" />
3. Open local domain controller certificate store.
4. Open **Run** on the server by pressing **Windows Key + R.**.
5. In Run type in *certlm.msc* and hit **Enter**.
6. Go to the "Trusted Root Certification Authorities" and then "Certificates", you will see the root certificate.
   <img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/698b9fadf712b7c5eb270d4275e2ce4d438b94234c0dcf2219b8b9ca3456b016-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=3f186b84616e9aa545bfeb02455f5853" alt="" width="1015" height="393" data-path="images/docs/698b9fadf712b7c5eb270d4275e2ce4d438b94234c0dcf2219b8b9ca3456b016-image.png" />
7. Go to the "Intermediate Root Certification Authorities" and then "Certificates", you will see the issuing certificates certificate.
   <img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/b83f40742b3fe7ddc26e8f1c30f350928f703d440526aff0d40faffa39f9e8f7-image.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=dd000eeb63d242d2965a01b23fcd03f8" alt="" width="1009" height="420" data-path="images/docs/b83f40742b3fe7ddc26e8f1c30f350928f703d440526aff0d40faffa39f9e8f7-image.png" />

***

[Add Issuing CA Cert to NT Auth Store](/docs/add-issuing-ca-cert-to-nt-auth-store)

[Add Issuing CA Cert to NT Auth Store](/docs/add-issuing-ca-cert-to-nt-auth-store)

[Add TruU Cloud Trust Certificates to Computers](/docs/add-truu-cloud-trust-certificates-to-computers)