01/11/2019 539 views

Has anyone ever tried to deploy a local security cert to workstations using KACE? I have software which I successfully deployed to machines but it needs the accompanying certificate to work properly. I know I can push it out using GPO, just wondering if it has ever been done with KACE instead. Not sure if this matters, but the software is the Palo Alto TRAPS client.

Answer Summary:
1 Comment   [ + ] Show comment


  • Should be easily doable with Powershell, which Kace handles quite well.


Answer Chosen by the Author


I dont use KACE, but you can just push it out using command line.

I guess after installing the app, you can just run the cmd for the cert install - thats assuming you use a script to install the software.

Have a look at this script, you can bodge the bits out you need to install and remove the cert. Might need to adjust the store you're shoving it into tho.


Bits you need to look at, you'll need to look at the code around it, but you should be able to get the jist.


&Certutil.exe -addstore -f "TrustedPublisher" "$Certificate" | Out-Null


$Shell = New-Object System.Security.Cryptography.X509Certificates.X509Certificate
$CertificateSerialNumber = $Shell.GetSerialNumberString()
&Certutil.exe -delstore "TrustedPublisher" "$CertificateSerialNumber" | Out-Null

Answered 01/12/2019 by: rileyz
Red Belt