/build/static/layout/Breadcrumb_cap_w.png

deploying security certificate with KACE

Has anyone ever tried to deploy a local security cert to workstations using KACE? I have software which I successfully deployed to machines but it needs the accompanying certificate to work properly. I know I can push it out using GPO, just wondering if it has ever been done with KACE instead. Not sure if this matters, but the software is the Palo Alto TRAPS client.


1 Comment   [ + ] Show comment
  • Should be easily doable with Powershell, which Kace handles quite well.

    https://docs.microsoft.com/en-us/powershell/module/pkiclient/import-certificate - isudothings 2 years ago

Answers (1)

Answer Summary:
Posted by: rileyz 2 years ago
Red Belt
0

Top Answer

I dont use KACE, but you can just push it out using command line.

I guess after installing the app, you can just run the cmd for the cert install - thats assuming you use a script to install the software.


Have a look at this script, you can bodge the bits out you need to install and remove the cert. Might need to adjust the store you're shoving it into tho.

https://gist.github.com/rileyz/464175e3bb96f1b67dfc


Bits you need to look at, you'll need to look at the code around it, but you should be able to get the jist.

Adding

&Certutil.exe -addstore -f "TrustedPublisher" "$Certificate" | Out-Null


Removing

$Shell = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$Shell.Import("$Certificate")
$CertificateSerialNumber = $Shell.GetSerialNumberString()
&Certutil.exe -delstore "TrustedPublisher" "$CertificateSerialNumber" | Out-Null


 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ