Blog Post

Intune Customer Success
6 MIN READ

Adding a Certificate to Trusted Publishers using Microsoft Intune

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Dec 10, 2020
By Jason Sandys – Sr. Program Manager | Microsoft Intune   Two significant actions on Windows devices require code-signing using a trusted, code-signing certificate: Third-party application u...
Code-signing certificate dialog boxes on a Windows device.
Updated Nov 11, 2024
Version 10.0
JeffAre's avatar
JeffAre
Copper Contributor
Jun 23, 2022

Adding trusted publisher certs is handy for silent install of software that contains drivers. Can deploy the certs before the software. Here is a few lines of powershell to create a text file with information need to create the config. Works without error.

 

$cert = (get-item .\DriverCert.cer).FullName
$cert >> cert.txt
$thumbprint = ([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)).thumbprint 
"./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/$thumbprint/EncodedCertificate" >> cert.txt
[System.Convert]::ToBase64String(([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)).Export('Cert')) >> cert.txt
KyleS_85226's avatar
KyleS_85226
Copper Contributor
Apr 23, 2025

I expanded on your script a bit in case people are struggling, and it opens a the output file afterwards also.  Run it in PowerShell_ISE or VSCode (or Terminal>Powershell if you edit the paths at the top first):

$myCert = "C:\Temp\mycert.cer"
$outputDir = "C:\temp\mycertoutput"

#=========== No changes below ==========
$output = $outputDir+'\'+"CertOutput.txt"
# Import the certificate as an object
$certObj = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($mycert)

# Test and create output directory if needed
If(-Not(Test-Path $outputDir)) { New-Item -ItemType Directory $outputDir | Out-Null }

#Get Cert properties
$certpath= (get-item $myCert).FullName
$subject = $certObj.SubjectName.Name
$thumbprint = $certObj.Thumbprint
$OMA_URI = "./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/$thumbprint/EncodedCertificate"
$certContent = [System.Convert]::ToBase64String($certObj.Export('Cert'))

# Output cert info to output file and open file
"Imported Cert Path: $certpath" >> $output
"`nSubject: $subject" >> $output
"`nThumbprint: $thumbprint"  >> $output
"`nOMA-URI Path for Intune: $OMA_URI" >> $output
"`nEncrypted Cert Content (line breaks in Notepad - copy all from 'MII', including trailing '=='):`n`n$certContent" >> $output
"`n`n--------END OUTPUT-----------" >> $output
Invoke-Item $output