
Hi,

Is there a way to find/display a specific certificate that is on the client side?

Is there an RDL for the SCCM report server?

Can I see the certificate in Resource Explorer?

roni


There is no built-in inventory task for certs and therefore no reports for this either.


Since certs are not inventoried by ConfigMgr, you will not be able to query on cert templates either.


You could use a Configuration Item + Baseline to build something that does this, depending on what you're looking for exactly. It's not ideal, but possible.

With the WFH I've hacked a PowerShell script together to check if the SCCM Client cert on the system is about to expire.

 

# Configuration Item discovery script: outputs 'Compliant' or 'NonCompliant'
$Compliance = 'Compliant'
$templateName = 'SCCM Client Certificate'
# Certificates issued from the template that expire within the next 24 days
$Check = Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { $_.Extensions | Where-Object { ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templateName) } } |
    Where-Object { $_.NotAfter -le (Get-Date).AddDays(24) }
if ($Check) { $Compliance = 'NonCompliant' }
$Compliance

I've got the Data type set as a string and Compliance Rule to Equal "Compliant".

In the above case we're checking on days of validity left; you can change it as you like of course, and make sure to match the TemplateName to your actual template name for the cert from your certificate server.

We've deployed this on our workstations and put all non-compliant marked clients in a collection twice a day, and based on that give our end-users some "attention" to connect to the VPN and get their cert renewed. Preferably we wouldn't be in this situation and we would have all the machines Azure AD joined so that with the CMG, client cert authentication wasn't needed, but for now alas it still is (but not for long anymore).

Hope it helps or at least gives you a start to build what you need 😉!

Edited by kevinnns
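
A variant of the discovery script in the post above, added here as an example and not part of the original post: it also reports a client that has no certificate from the template at all, and it judges only the certificate with the latest expiry so that a superseded certificate left in the store does not flag a renewed client. The function name, its parameters and the text after "NonCompliant" are assumptions; a compliance rule of Equals "Compliant" works with it unchanged.

```powershell
# Added example (not from the original post); names and status strings are illustrative.
function Get-ClientCertCompliance {
    param(
        [string]$TemplateName = 'SCCM Client Certificate',  # set to your own template name
        [int]$WarnDays = 24,                                # same window as the post
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    # OID of the "Certificate Template Information" extension; matching on the
    # OID value avoids depending on the localized FriendlyName.
    $templateOid = '1.3.6.1.4.1.311.21.7'
    # Escape the name so characters such as '(' or '.' are not read as regex syntax.
    $pattern = [regex]::Escape($TemplateName)

    $fromTemplate = @(Get-ChildItem -Path $StorePath | Where-Object {
        $_.Extensions | Where-Object {
            $_.Oid.Value -eq $templateOid -and $_.Format($false) -match $pattern
        }
    })

    # The original script reports 'Compliant' when nothing matches; a client
    # with no certificate from the template cannot authenticate either.
    if ($fromTemplate.Count -eq 0) {
        return 'NonCompliant: no certificate from template'
    }

    # A renewal can leave the older certificate in the store, so only the
    # certificate with the latest NotAfter decides the result.
    $newest = $fromTemplate | Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1

    if ($newest.NotAfter -le (Get-Date).AddDays($WarnDays)) {
        return 'NonCompliant: expires {0:yyyy-MM-dd}' -f $newest.NotAfter
    }
    return 'Compliant'
}

# The Configuration Item reads the script's output as the discovered value.
Get-ClientCertCompliance
```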
