
Use "Run Script" task to remotely install certificate to Trusted Root


Article ID: 238630




IT Management Suite, Client Management Suite, Server Management Suite


There is a need to push out a trusted root certificate (not used for ITMS) to machines managed with an agent.


We have built-in mechanisms for pushing out certificates used by ITMS/Management Platform. However, the customer would like to push out another certificate that is neither used by ITMS nor stored in the management console.


ITMS 8.5 and later


The following Run Script task has been tested and meets the needs for remote certificate installation in some scenarios. There are other methods of doing this, but this is a good working example:

Step 1:
Create a network share on the machine where the certificate is stored and grant appropriate rights on the share to the user account under which the script will be run.

In this example, a share was created on the Notification Server. Full control for Domain Admins was granted to the share since I will be running my task with Domain Admin user/credentials. The script itself only reads the certificate file from the share.

Step 2:
Create a "Run Script" Task/job in the console:

The first "net use" command maps local drive m: to the network location \\NS\share, which is our newly created share on the NS server (the server's IP address can be used in place of "NS").

The second line imports the certificate stored in \\NS\share into the Trusted Root CA store of the local machine.

The last line removes the m: network mapping to clean up remnants of the script on the machine it was executed on.

net use m: \\NS\share
Import-Certificate -FilePath "M:\test.Cer" -CertStoreLocation Cert:\LocalMachine\Root
net use /del m:

The user account under which the script is executed can be set by clicking "Advanced...", located below and to the right of the script window in the task.

Click "Save changes" and run the task against machines to install the cert to Trusted Root CA store.
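
A variant of the script above that checks the certificate against a known thumbprint before adding it to Trusted Root and confirms the result afterwards. This is an added example, not part of the original article or a vendor-supplied script; the thumbprint is a placeholder to replace with the value obtained from the certificate's owner, and the temporary file path is an assumption.

```powershell
# Added example, not the article's script. \\NS\share and test.Cer come from the
# article; the thumbprint is a placeholder and the temp path is an assumption.
$ErrorActionPreference = 'Stop'
$expected = '<EXPECTED-THUMBPRINT>'           # placeholder: obtain out of band
$local    = Join-Path $env:TEMP 'test.cer'    # assumed scratch location
$mapped   = $false
$exitCode = 0
try {
    # The placeholder (or any malformed value) fails here, before anything is touched.
    $want = ($expected -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($want.Length -ne 40) { throw 'Set $expected to the 40-hex-digit thumbprint.' }

    net use m: \\NS\share
    if ($LASTEXITCODE -ne 0) { throw 'Could not map \\NS\share.' }
    $mapped = $true

    # Work on a local copy so the file that is checked is the file that is imported.
    Copy-Item -Path 'M:\test.Cer' -Destination $local -Force
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $local

    if ($cert.Thumbprint -ne $want) {
        throw "Thumbprint mismatch (got $($cert.Thumbprint)); not importing."
    }
    if ($cert.Subject -ne $cert.Issuer) {
        throw 'Certificate is not self-issued; it does not belong in Trusted Root.'
    }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired $($cert.NotAfter)." }

    Import-Certificate -FilePath $local -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

    # Confirm the store now holds exactly the certificate that was verified.
    if (-not (Test-Path "Cert:\LocalMachine\Root\$want")) {
        throw 'Certificate not found in LocalMachine\Root after import.'
    }
    Write-Output "Installed $($cert.Subject) [$want]"
}
catch {
    Write-Output "FAILED: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    # Remove only the mapping this script created, and always remove the local copy.
    if ($mapped) { cmd /c "net use m: /delete /y >nul 2>&1" }
    Remove-Item -Path $local -Force -ErrorAction SilentlyContinue
}
exit $exitCode
```

The script exits with a non-zero code and imports nothing when the file on the share does not match the expected thumbprint, so a replaced or corrupted file is never added to the trust store.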

This guide is provided as-is to assist with remote certificate installation using the built-in task available in ITMS.