Need help with creating a worklet to install a personal certificate store and be able to deploy this to multiple machines. I came across this but need help on how to apply it in Automox and start testing:
$certificatePath = "C:\Path\to\certificate.pfx"
$certificatePassword = ConvertTo-SecureString -String "YourCertificatePassword" -Force -AsPlainText
$certificate = Import-PfxCertificate -FilePath $certificatePath -Password $certificatePassword -CertStoreLocation Cert:\LocalMachine\My
You are pretty close with this worklet! I want to call out a few things though before providing my suggestions.
For certificates that require a password, you can use the ConvertTo-SecureString cmdlet within your worklet. It should be noted though that we don’t condone passing credentials through a worklet’s code as they are exposed in plain text. Please use your own discretion if deciding to use this method.
One other caveat is that Automox Worklets run as SYSTEM. Because of this, the certificate store targeted in your Worklet should point to the LocalMachine store. If you wanted to install a certificate to the CurrentUser store, the worklet would need to run under the current user’s runspace. This can be achieved by running your script as a scheduled task. Check out this Catalog Worklet as an example.
That said, I modified your script some and created evaluation logic as well. The evaluation logic is optional, but it will use the cert’s thumbprint to check to see if a certificate exists already in the store.
Here’s the updated code:
Here are some quick instructions for using the new code:
When the worklet’s remediation code runs, you’ll receive an indication in your Automox Activity Log to the success or failure of installing the certificate:
As a side note, I’ve also submitted a feature request on your behalf for adding a Secret Management vault to worklets. Such a feature would help mitigate any security concerns of passing a plain text password within the body of a worklet’s code block. You can check the status of existing feature requests or submit new ones by reaching out to your Customer Success Manager.
I hope this helps!
Have a great weekend!
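The thumbprint-based evaluation and the LocalMachine import described in the answer above, as an added example (not the code from the original answer, and not Automox's own). Assumptions: the `$Mode` switch, the all-zero thumbprint and the password string are constructed placeholders, and the exit-code convention (0 = compliant, non-zero = remediation needed) is assumed.

```powershell
# Added example. Run with -Mode Evaluate for the check, -Mode Remediate for the install.
param([ValidateSet('Evaluate', 'Remediate')][string]$Mode = 'Evaluate')

# Constructed placeholders: replace with your certificate's values.
$Thumbprint = '0000000000000000000000000000000000000000'
$PfxPath    = 'C:\Path\to\certificate.pfx'
$PfxSecret  = 'YourCertificatePassword'    # visible to anyone who can read the worklet
$StorePath  = 'Cert:\LocalMachine\My'      # worklets run as SYSTEM, so use LocalMachine

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$Expected = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

function Test-CertInstalled {
    # True when a certificate with the expected thumbprint is already in the store.
    $match = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $Expected }
    return [bool]$match
}

if ($Mode -eq 'Evaluate') {
    if (Test-CertInstalled) {
        Write-Output "Certificate $Expected already present in $StorePath"
        exit 0
    }
    Write-Output "Certificate $Expected not found in $StorePath"
    exit 1
}

try {
    if (-not (Test-Path -Path $PfxPath)) { throw "PFX not found: $PfxPath" }
    $pw = ConvertTo-SecureString -String $PfxSecret -AsPlainText -Force

    # Inspect the PFX before importing so an unexpected file never reaches the store.
    $pfx = Get-PfxData -FilePath $PfxPath -Password $pw -ErrorAction Stop
    if ($pfx.EndEntityCertificates.Thumbprint -notcontains $Expected) {
        throw "PFX does not contain a certificate with thumbprint $Expected"
    }

    Import-PfxCertificate -FilePath $PfxPath -Password $pw `
        -CertStoreLocation $StorePath -ErrorAction Stop | Out-Null

    if (-not (Test-CertInstalled)) { throw "Import ran but certificate is not in $StorePath" }
    Write-Output "Installed certificate $Expected into $StorePath"
    exit 0
}
catch {
    Write-Output "Certificate install failed: $($_.Exception.Message)"
    exit 1
}
```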
Thank you John for your time and assistance. I will surely test that out, and hopefully it will work as instructed.