Forum Discussion

oryxway's avatar
oryxway
Iron Contributor
Mar 01, 2023
Solved

Installing certificate

I want to import a .pfx device certificate to Personal\Certificate location as a local machine. Next, I want to make sure that I do not want to expose this certificate for compromise. Currently, I am...
Intune
  • Harm_Veenstra's avatar
    Harm_Veenstra
    Mar 01, 2023

    Just put the PFX file and the install.cmd plus a uninstall.cmd in one directory and create a Win32 package.

    You can use this as install.cmd
    powershell.exe -executionpolicy bypass .\install.ps1

    The install.ps1 file contains:
    import-pfxcertificate -FilePath .\certificate.pfx -Exportable:$false -Password '123123' -CertStoreLocation Cert:\CurrentUser\My

    the uninstall.cmd file contains the following:
    powershell.exe -executionpolicy bypass .\uninstall.ps1

    The uninstall.ps1 file contains the following:
    Get-Childitem -Path Cert:CurrentUser\My | Where-Object Subject -Match 'yoursubjectname' | Remove-Item -Force:$true

    Use a detection.ps1 containing:
    If (Get-Childitem -Path Cert:CurrentUser\My | Where-Object Subject -Match 'yoursubjectname') {
    Write-Host ("Certificate yoursubjectname found")
    exit 0
    }
    else {
    Write-Host ("Certificate yoursubjectname not found")
    exit 1
    }

    Set the scope to User and test it 🙂 (Because I didn't 😛 )

Harm_Veenstra's avatar
Harm_Veenstra
MVP
Mar 01, 2023

Just put the PFX file and the install.cmd plus a uninstall.cmd in one directory and create a Win32 package.

You can use this as install.cmd
powershell.exe -executionpolicy bypass .\install.ps1

The install.ps1 file contains:
import-pfxcertificate -FilePath .\certificate.pfx -Exportable:$false -Password '123123' -CertStoreLocation Cert:\CurrentUser\My

the uninstall.cmd file contains the following:
powershell.exe -executionpolicy bypass .\uninstall.ps1

The uninstall.ps1 file contains the following:
Get-Childitem -Path Cert:CurrentUser\My | Where-Object Subject -Match 'yoursubjectname' | Remove-Item -Force:$true

Use a detection.ps1 containing:
If (Get-Childitem -Path Cert:CurrentUser\My | Where-Object Subject -Match 'yoursubjectname') {
Write-Host ("Certificate yoursubjectname found")
exit 0
}
else {
Write-Host ("Certificate yoursubjectname not found")
exit 1
}

Set the scope to User and test it 🙂 (Because I didn't 😛 )

oryxway's avatar
oryxway
Iron Contributor
Mar 01, 2023
Thanks Harm. I think this should do, as I am testing now. But, the detection.ps1 I cannot use it as a file in Intune when I am creating the Apps, it is either MSI, Registry or File/Folder. So, if I select file and use detection.ps1 then it errors. How can we use the .PS1 with this detection script? Also when you say "Your Subject Name" it means my registry entry.
  • Harm_Veenstra's avatar
    Harm_Veenstra
    MVP
    Mar 01, 2023

    You should choose to Use a custom detection script for that as a Rules Format under Detection rules ğŸ˜‰ The subject name is the certificate's name after importing it. You can check it on the system where you installed the certificate by running Get-Childitem -Path Cert:CurrentUser\My

    • oryxway's avatar
      oryxway
      Iron Contributor
      Mar 01, 2023
      I tried this on the machine where this PFX is installed, unfortunately nothing came up

      Get-Childitem -Path Cert:CurrentUser\My

      I tried to run this on my office destktop and I did get couple but mostly related to Adobe and nothing related to this certificate which is installed under Personal\Certificate. The certificate is installed.

      Any other suggestions thoughts?

      • Harm_Veenstra's avatar
        Harm_Veenstra
        MVP
        Mar 01, 2023
        Is it in your computer certificate store?

Resources