Automatic Installation of Decryption Certificate using Group Policy

To automatically install the Decryption Certificate using Group Policy, copy the myca.der file to your Domain Controller and start the Group Policy Management snap-in.

Group Policy MMC

In Group Policy Management, expand Forest / Domains / Your domain / Group Policy Objects / Default Domain Policy. Right-click it and choose Edit, as shown in the following screenshot.

Group Policy Editing

In the Group Policy Management Editor, select Policies / Windows Settings / Security Settings / Public Key Policies / Trusted Root Certification Authorities, right-click in the right pane and select Import, as shown in the following screenshot.

Trusted Root Certification Authorities

The Certificate Import Wizard appears. Step through it, selecting the certificate you downloaded previously and making sure the certificate is placed in the Trusted Root Certification Authorities store.

Certificate Import Wizard Step 1

Note: the myca.der certificate has a DER file extension rather than the usual CER. This makes no difference to the system, but remember to select Show All Files in the file browsing dialog so that the file is listed.

Certificate Import Wizard Step 2

The certificate will be added to Trusted Root Certification Authorities store automatically.

Certificate Import Wizard Step 3

After the Certificate Import Wizard finishes, you will see your certificate in the list.

Certificate Import Wizard Final Step

The domain policy is applied to your domain-joined computers after a reboot (logoff/logon). To make sure it has actually been applied, you might need to run the gpupdate /force command on every desktop.
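
A check to run on a domain-joined computer after gpupdate /force, given here as an added example that is not part of the original page: it reads myca.der, prints its fingerprints so they can be compared with the values from the system that generated the certificate, and confirms that the same certificate is present in the computer's Trusted Root Certification Authorities store. The file path is an assumed placeholder.

```powershell
# Added example: verify that the certificate in myca.der reached this
# computer's Trusted Root Certification Authorities store via Group Policy.
param(
    # Assumption: a copy of myca.der is readable at this placeholder path.
    [string]$CertPath = 'C:\Temp\myca.der'
)
$ErrorActionPreference = 'Stop'

# Resolve to a full path first: .NET does not follow PowerShell's current directory.
$fullPath = (Resolve-Path -LiteralPath $CertPath).Path
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# A DER file is the raw certificate, so the file hash is its SHA-256 fingerprint.
$sha256 = (Get-FileHash -LiteralPath $fullPath -Algorithm SHA256).Hash

Write-Output "Subject    : $($ca.Subject)"
Write-Output "Issuer     : $($ca.Issuer)"
Write-Output "Valid      : $($ca.NotBefore) to $($ca.NotAfter)"
Write-Output "SHA-1      : $($ca.Thumbprint)"
Write-Output "SHA-256    : $sha256"

# A certificate used as a trusted root should be marked as a CA.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Basic Constraints does not mark this certificate as a CA.'
}

# Clients reject chains that end in an expired or not-yet-valid root.
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    Write-Warning 'The certificate is outside its validity period.'
}

# The Cert:\LocalMachine\Root view includes certificates delivered by Group Policy.
$deployed = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $ca.Thumbprint }

if ($deployed) {
    Write-Output 'Deployed   : yes, found in Trusted Root Certification Authorities'
    exit 0
}
Write-Warning 'Not found in the Trusted Root store. Run gpupdate /force or reboot, then check again.'
exit 1
```

The exit code is 0 when the certificate is present and 1 when it is not, so the script can be used in a login script or a compliance check across desktops.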