/build/static/layout/Breadcrumb_cap_w.png
01/11/2019 270 views

Has anyone ever tried to deploy a local security cert to workstations using KACE? I have software which I successfully deployed to machines but it needs the accompanying certificate to work properly. I know I can push it out using GPO, just wondering if it has ever been done with KACE instead. Not sure if this matters, but the software is the Palo Alto TRAPS client.

Answer Summary:
1 Comment   [ + ] Show comment

Comments

  • Should be easily doable with Powershell, which Kace handles quite well.

    https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-certificate

Answer Chosen by the Author

0

I dont use KACE, but you can just push it out using command line.

I guess after installing the app, you can just run the cmd for the cert install - thats assuming you use a script to install the software.


Have a look at this script, you can bodge the bits out you need to install and remove the cert. Might need to adjust the store you're shoving it into tho.

https://gist.github.com/rileyz/464175e3bb96f1b67dfc


Bits you need to look at, you'll need to look at the code around it, but you should be able to get the jist.

Adding

&Certutil.exe -addstore -f "TrustedPublisher" "$Certificate" | Out-Null


Removing

$Shell = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$Shell.Import("$Certificate")
$CertificateSerialNumber = $Shell.GetSerialNumberString()
&Certutil.exe -delstore "TrustedPublisher" "$CertificateSerialNumber" | Out-Null


Answered 01/12/2019 by: rileyz
Red Belt