There is a need to push out a trusted root certificate (not used for ITMS) to machines managed with an agent.
ITMS 8.5 and later
We have built-in mechanisms for pushing out certs used by ITMS/Management Platform. However, the customer would like to push out another cert that is not used by ITMS nor stored in the management console.
The following run script task has been tested and meets the needs for remote cert installation in some scenarios. There are other methods of doing this but this is a good working example:
Step 1:
Create a network share on the machine where the certificate is stored and set appropriate rights to the share for the user you would like to install and run the script with.
In this example, a share was created on the Notification Server. Full control for Domain Admins was granted to the share since I will be running my task with Domain Admin user/credentials
Step 2:
Create a "Run Script" Task/job in the console:
The first "net use" command maps local drive m: to network location \\NS\share which is our newly created share on the NS server (can substitute "NS" for server IP Address)
The second line imports the certificate stored in \\NS\share to the local machine in the Trusted Root CA store
The last line removes the m: network mapping to clean up remnants of the script on the machine it was executed on
net use m: \\NS\share
Import-Certificate -FilePath "M:\test.Cer" -CertStoreLocation Cert:\LocalMachine\Root
net use /del m:
The user under which the script is executed can be set in "Advanced..." by clicking on this below and to the right of the script window in the task.
Click "Save changes" and run the task against machines to install the cert to the Trusted Root CA store.
This as-is guide is to assist in remote certificate installation with built-in task available in ITMS.