Install a certificate in an environment where the user is locked down (Citrix)


This topic contains 5 replies, has 4 voices, and was last updated by  shefi 7 months, 2 weeks ago.


    loureed4
    Member
    #167521

    Hello,

    I was wondering if I can run a script to install/import a certificate so that the users (locked down, no admin rights) can have that certificate to get into a web site (that needs that certificate).

    I looked into it and thought of a script running through a GPO, like this:

    runas /env /user:domain\administrator "certutil -addstore root myrootca.cer"

    but then the password would need to be entered interactively, each time? I want to avoid entering the password each time (it is the admin password) :)

    Thanks in advance.


    biggles77
    Spectator
    #214406

    If this is on a Windows AD Domain, why not use a GPO?


    shefi
    Member
    #380054

    because the sessions are not persistent.


    biggles77
    Spectator
    #214408
    loureed4;n516872 wrote:
    because the sessions are not persistent.

    huh?…………


    Anonymous
    #372100

    Pushing the cert using GP, to either the computer’s store or the user’s store, means that cert is always available for the client to trust the hosting site. Certificates are always present unless specifically deleted, regardless of how long ago they may have expired. Have a look in your own PC’s ‘Trusted Root Certification Authorities’ store to see what I mean. My customer system has roughly 8 certs from outside agencies that have to be used, and we simply push them out to the appropriate store to our domain PCs and don’t have any issues. As for cleaning out expired certs, a relatively simple PowerShell script does that, runs once every 6 months.


    shefi
    Member
    #380055

    I forgot to mention that the certificate must be installed in the “Personal Store”, not in the “Trusted Root Certification Authorities”. Is that possible? I am not an expert in the CA field.

    As far as I am reading, when the user is locked down in a Citrix environment, he can’t import a certificate into his Personal Store.
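
An added example, not written by any poster in this thread: a read-only PowerShell check of which store a given certificate sits in, covering the Personal ("My") versus Trusted Root distinction raised above. The thumbprint is a placeholder, and the private-key and Client Authentication checks assume the web site uses the certificate for TLS client authentication.

```powershell
# Added example: report where a certificate is installed and whether it looks
# usable for client authentication. Read-only; runs as a standard user.
param(
    # Placeholder: replace with the thumbprint of the certificate in question.
    [string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'
)

# Thumbprints copied from the certificate dialog often contain spaces.
$Thumbprint = $Thumbprint -replace '\s', ''

# "My" is the store the Certificates console shows as "Personal";
# "Root" is "Trusted Root Certification Authorities".
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My',
          'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        ForEach-Object {
            $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt $now
                # Assumption: client authentication, which needs the private key.
                HasPrivateKey = $_.HasPrivateKey
                # No EKU extension means the certificate is not purpose-restricted.
                ClientAuthEku = ($ekus.Count -eq 0) -or ($ekus -contains $clientAuthOid)
            }
        }
}

if (-not $report) {
    Write-Output "Not found in any checked store: $Thumbprint"
} else {
    $report | Format-Table -AutoSize
}
```

A certificate that appears only under a `Root` store, or under `My` with `HasPrivateKey` set to `False`, establishes trust in the site but cannot be presented by the user as a client certificate.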
