Installing certificate
I want to import a .pfx device certificate to the Personal\Certificates location of the local machine. Next, I want to make sure that I do not expose this certificate to compromise. Currently, I am copying this to the local machine and pointing to that location to import it, but it is not working with the command I use:
certutil.exe -f -p password -importfx c:\temp\cert.pfx NoExport
I have packaged this as an Intune app to push it through Intune. It fails. One other thing is that I am using a registry check to see if it is there. What I am seeing is that I am not able to delete the registry entry from when I initially installed this cert, and I am not sure why it would not allow me to delete it. So, I am checking if it exists: if so, do not install, and if not, install. Unfortunately, since it exists from the prior install, I am not able to install.
2 things I need here:
1. How to delete the cert registry value
2. Is there a way I can use a PowerShell script to do this, or is running this as a CMD file fine, and packaging it in Intune should do?
Currently, I have packaged it as cmd file.
Just put the PFX file and the install.cmd plus a uninstall.cmd in one directory and create a Win32 package.
You can use this as install.cmd
powershell.exe -executionpolicy bypass .\install.ps1
The install.ps1 file contains:
# -Password expects a SecureString, so the plain-text password must be converted first
Import-PfxCertificate -FilePath .\certificate.pfx -Exportable:$false -Password (ConvertTo-SecureString '123123' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My
the uninstall.cmd file contains the following:
powershell.exe -executionpolicy bypass .\uninstall.ps1
The uninstall.ps1 file contains the following:
Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object Subject -Match 'yoursubjectname' | Remove-Item -Force:$true
Use a detection.ps1 containing:
If (Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object Subject -Match 'yoursubjectname') {
    Write-Host "Certificate yoursubjectname found"
    exit 0
}
else {
    Write-Host "Certificate yoursubjectname not found"
    exit 1
}
Set the scope to User and test it 🙂 (Because I didn't 😛 )
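A variant of the install script for the machine store the original question asked about, added here as an example (it is not Harm's code or Microsoft's). It assumes the Win32 app runs in the system context, the PFX sits next to the script as certificate.pfx, and the PFX password and the expected thumbprint are passed as parameters (placeholder names); after importing it verifies that the private key is really non-exportable.

```powershell
# Added example: import a PFX into LocalMachine\My with a non-exportable private key
# and verify the result. Parameter names and file name are assumptions, not from the thread.
param(
    [string]$PfxPath = (Join-Path $PSScriptRoot 'certificate.pfx'),
    [Parameter(Mandatory)][string]$PfxPassword,
    [Parameter(Mandatory)][string]$ExpectedThumbprint   # SHA-1 thumbprint of the cert inside the PFX
)

$store = 'Cert:\LocalMachine\My'
$thumb = $ExpectedThumbprint -replace '\s', ''   # tolerate spaces copied from certmgr

# Idempotent: skip the import when the certificate is already in the store.
$cert = Get-ChildItem -Path $store | Where-Object Thumbprint -eq $thumb
if (-not $cert) {
    $secure = ConvertTo-SecureString -String $PfxPassword -AsPlainText -Force
    # -Exportable is deliberately omitted: the default is a non-exportable private key.
    $cert = Import-PfxCertificate -FilePath $PfxPath -Password $secure -CertStoreLocation $store
}

if ($cert.Thumbprint -ne $thumb) {
    Write-Error "Imported certificate $($cert.Thumbprint) does not match expected $thumb"
    exit 1
}

# Post-install check: confirm the key cannot be exported, for both CNG and legacy CAPI keys.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$exportable = $null   # stays $null if the key is not RSA or the private key is not accessible
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $exportable = $rsa.Key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $exportable = $rsa.CspKeyContainerInfo.Exportable
}

if ($exportable -eq $true) {
    Write-Error "Private key for $thumb is marked exportable; check the PFX import settings"
    exit 1
}

Write-Host "Certificate $thumb installed in LocalMachine\My with a non-exportable private key"
exit 0
```

Install command for the Win32 package: powershell.exe -ExecutionPolicy Bypass -File .\install.ps1 -PfxPassword '<password>' -ExpectedThumbprint '<thumbprint>'. For the custom detection script, the same Get-ChildItem thumbprint lookup against Cert:\LocalMachine\My, with Write-Host and exit 0 on a hit, avoids false matches that a subject-name regex can produce.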
10 Replies
oryxway (Iron Contributor): Thanks Harm. I think this should do, as I am testing now. But the detection.ps1, I cannot use it as a file in Intune when I am creating the app; it is either MSI, Registry or File/Folder. So, if I select File and use detection.ps1, then it errors. How can we use the .ps1 with this detection script? Also, when you say "Your Subject Name", does it mean my registry entry?
You should choose "Use a custom detection script" as the Rules format under Detection rules 😉 The subject name is the certificate's name after importing it. You can check it on the system where you installed the certificate by running Get-ChildItem -Path Cert:\CurrentUser\My