How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store
For Win 2008, Windows Server 2012:
Add Published Certificates to Active Directory Containers
“If a CA certificate is not added automatically when the new CA is created, such as a stand-alone CA created by a user who is not a member of the Enterprise Admins group, the CA certificate can still be added manually to the NTAuthCertificates container.
This process can also be used to add the CA certificate of a non-Microsoft CA that has been used to issue smart card logon or domain controller certificates. By publishing these CA certificates to the Enterprise NTAuth store, the administrator indicates that the CA is trusted to issue certificates of these types.”
Using Enterprise PKI: http://technet.microsoft.com/en-us/library/cc754963.aspx
Install the Enterprise PKI Console: http://technet.microsoft.com/en-us/library/cc771085.aspx