Updating root certificates
made "Turn Off Automatic Root Certificates Updates" to Enable. This list of root certificates is explicitly trusted and changes from time to time for various reasons.Is this the right way to turn off Automatic root certificates updates on windows server 2008 box ?? Windows automatically gets updates for this trusted list.Select the computer whose local GPO you want to edit, and click Finish / OK.Now, back in the MMC console tree, navigate to Local Computer Policy and click OK. To see how you can manage trusted root certificates for a domain and how to add certificates to the Trusted Root Certification Authorities store for a domain, visit Technet.
If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate." A user will trust the issuing Public CA - they will do this based on the ROOT certificate issued by the public CA.
Setting the following registry Key to 0 fixes the problem.
The certificates begin installing immediately after the change.
It seems that this is due to the oddball GPO that my company uses.
As outlined here the GPO setting Computer Configuration\Administrative Templates\System\Internet Communication Management\Turn off Automatic Root Certificates Update was We found that the root CAs were out of date on some of our Windows 2012 R2 servers.
Search for updating root certificates:
Open MMC and press the File menu link and select Add/Remove Snap-in.