locked
Deploy certificates with SCCM 2012 RRS feed

  • Question

  • Is there a function or way to deploy certain certificates, that has to be installed on a client, using SCCM 2012 and imported with momcertimport? 
    Like some sort of Certificate Management?

    (Those certificates needs to be requested from a Microsoft CA server)

    Kind regards

    Wednesday, June 5, 2013 9:24 AM

Answers

  • There's no built-in mechanism. Why not using a GPO for auto-enrollment?
    You can use certutil.exe to install certs though.

    Torsten Meringer | http://www.mssccmfaq.de

    • Proposed as answer by Garth JonesMVP Friday, February 13, 2015 11:08 PM
    • Marked as answer by Garth JonesMVP Saturday, November 14, 2015 4:32 PM
    Wednesday, June 5, 2013 9:29 AM
  • Hi,
    There is no such feature for certificate management, you will have to script it yourself. Using for instance certutil.exe, for example:

    certutil.exe –addstore Root wsusself.cer

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Garth JonesMVP Friday, February 13, 2015 11:08 PM
    • Marked as answer by Garth JonesMVP Saturday, November 14, 2015 4:32 PM
    Wednesday, June 5, 2013 9:29 AM

All replies

  • There's no built-in mechanism. Why not using a GPO for auto-enrollment?
    You can use certutil.exe to install certs though.

    Torsten Meringer | http://www.mssccmfaq.de

    • Proposed as answer by Garth JonesMVP Friday, February 13, 2015 11:08 PM
    • Marked as answer by Garth JonesMVP Saturday, November 14, 2015 4:32 PM
    Wednesday, June 5, 2013 9:29 AM
  • Hi,
    There is no such feature for certificate management, you will have to script it yourself. Using for instance certutil.exe, for example:

    certutil.exe –addstore Root wsusself.cer

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    • Proposed as answer by Garth JonesMVP Friday, February 13, 2015 11:08 PM
    • Marked as answer by Garth JonesMVP Saturday, November 14, 2015 4:32 PM
    Wednesday, June 5, 2013 9:29 AM
  • no there is no such feature yet. ConfigMgr 2012 R2 just announced some Certificate Management features. In the current releast you are limited to create a package that deployes the cert using certutil.exe 

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    • Proposed as answer by Garth JonesMVP Friday, February 13, 2015 11:08 PM
    Wednesday, June 5, 2013 9:33 AM
  • Thank you for your answers.

    For firewall reasons every certificate needs to be created on the SCCM server (cer & pfx, and all that works fine with powershell scripts, server en client side scripts). So these scripts deploy the pfx file to the target along with the password for it.. So securitywise it isn't the best thing to do. So i was hoping there was some kind of built in function in SCCM. Plus every certificate for every server is a different one because it is intended only for one server. Is this also possible with GPO auto-enrollment?

    Wednesday, June 5, 2013 9:34 AM