Certificate Distribution
Table of Contents
- Understanding Certificate Distribution
- Installing Certificates
- Deleting Certificates
- Common Name Value (CN Value)
Understanding Certificate Distribution
This document provides the steps required to distribute digital certificates that are used on Windows platform. Using the Certificate Distribution configuration, you can distribute certificates such as SSL Certificates (for web browsers like Chrome) & AD CA Root Certificates (to authenticate users on your WiFi network) to specified targets.
Here are a few scenarios where Certificate Distribution configuration can be used to distribute certificates efficiently:
- Installing root certificates to authenticate AD users for WiFi access in an organization.
- Distribute security certificates to browsers like Chrome, Internet Explorer, etc to securely access websites within an organization.
Installing Certificates:
The following are the steps to install certificates to your specified targets:
- Navigate to Configurations -> Windows -> Certificate Distribution -> Computer.
- Specify the name and description of the configuration.
- Select the Install option.
- Select certificate store(s) to which the certificate should be distributed to.
- Browse and upload the certificate file from your computer.
- Specify password for the certificate file if required.
- You can select multiple certificate files to install using 'Add More Certificates' option.
Deleting Certificates:
The following are the steps to delete certificates from the certificate stores of targets selected:
- Navigate to Configurations -> Windows -> Certificate Distribution -> Computer.
- Specify the name and description of the configuration.
- Select the Delete option.
- There are two delete actions that you can perform:
- Delete specific certificate from the certificate store(s).
- Delete all expired certificates from the certificate store(s).
- Select the certificate store(s) from where certificates should be deleted.
- Specify the Common Name (CN) value of the certificates.
- All certificates with the given CN value will be deleted from the stores selected above.
- To delete a specific certificate, specify its unique serial number.
- You can select multiple certificate files to delete using 'Add More Certificates' option.
How to find the Common Name value (CN) and Serial Number of a certificate ?
To delete a specific certificate, you will have to specify a common name (CN) and its serial number. Find the CN and serial number from the certificate store of the computer where the certificate exists.
To find CN of a computer certificate directly from a machine
- Open the Certificate Manager: Press Windows Key + R, type certmgr.msc, and press Enter.
- Double-click the certificate you want to delete.
- In the certificate details, look for the Subject field. Copy the value under Common Name (CN). If 'CN' is missing, use the value in the Issued To field.
- Copy the Serial Number value from the details.
To find the CN of a computer certificate added to end-user machines by an administrator (using Microsoft Management Console)
- Navigate to Run prompt window and open Microsoft Management Console (MMC).
- Select File -> Add/Remove Snap-in.
- Select 'Certificates' from the available snap-ins.
- You can select for which account you would like to manage certificates for.
- Double click on the certificate to be deleted from the certificate store.
- Select Details tab -> Subject field.
- Copy the Common Name (CN) value. If CN value is not found, specify the value mentioned in Issued To column.
- Copy Serial number value from Details tab -> Serial number field.
You have successfully created a configuration to either distribute or delete certificates from the certificate store of the required computer.