Home » Certificate Distribution
 

Certificate Distribution

This document explains the steps required to distribute digital certificates that are used on Windows platform. Using the Certificate Distribution configuration, you can distribute certificates such as SSL Certificates (for web browsers like Chrome), AD CA Root Certificates (to authenticate users on your WiFi network) to specified targets.

Here are a few scenarios where Certificate Distribution configuration can be used to distribute certificates efficiently:

  1. Installing root certificates to authenticate AD users for WiFi access in an organization.
  2. Distribute security certificates to browsers like chrome, Internet Explorer, etc to securely access websites within an organization.

Installing Certificates

The following are the steps to install certificates to your specified targets:

  1. Navigate to Configurations -> Windows -> User -> Certificate Distribution.
  2. Specify the name and description of the configuration.
  3. Select the Install option.
  4. Select certificate store(s) to which the certificate should be distributed to.
  5. Browse and upload the certificate file from your computer.
  6. Specify password for the certificate file if required.
  7. You can select multiple certificate files to install using 'Add More Certificates' option.

Deleting Certificates

The following are the steps to delete certificates from the certificate stores of targets selected:

  1. Navigate to Configurations -> Windows -> User -> Certificate Distribution.
  2. Specify the name and description of the configuration.
  3. Select the Delete option.
  4. There are two delete actions that you can perform:
    • Delete specific certificate from the Certificate Store(s).
    • Delete all expired certificates from the Certificate Store(s).
  5. Select the certificate store(s) from where certificates should be deleted.
  6. Specify the Common Name (CN) value of the certificates.
  7. All certificates with the given CN value will be deleted from the Store(s) selected above.
  8. To delete a specific certificate, specify its unique Serial number.
  9. You can select multiple certificate files to delete using 'Add More Certificates' option.

How to find the Common Name value (CN) and Serial Number of a certificate ?

To delete a specific certificate, you will have to specify a common name (CN) and its serial number. Find the CN and serial number from the certificate store of the computer where the certificate exists.

To find CN of a computer certificate directly from a machine

  1. Open the Certificate Manager: Press Windows Key + R, type certmgr.msc, and press Enter.
  2. Double-click the certificate you want to delete.
  3. In the certificate details, look for the Subject field. Copy the value under Common Name (CN). If 'CN' is missing, use the value in the Issued To field.
  4. Copy the Serial Number value from the details.

To find the CN of a computer certificate added to end-user machines by an administrator (using Microsoft Management Console)

  1. Go to Run Prompt window.
  2. Navigate to Run prompt and open Microsoft Management Console (MMC).
  3. Select File -> Add/Remove Snap-in.
  4. Select 'Certificates' from the available snap-ins.
  5. You can select for which account you would like to manage certificates for.
  6. Double click on the certificate to be deleted from the certificate store.
  7. Certificate Store

  8. Select Details tab -> Subject field.
  9. Copy the Common Name (CN) value. If CN value is not found, specify the value mentioned in Issued To column.
  10. Common Name

  11. Copy Serial number value from Details tab -> Serial number field.
  12. Serial Number

    You have successfully created a configuration to distribute or delete certificates from the certificate store of the required computer.