Adding a Certificate to Trusted Publishers using Intune


I’ve copied this article from jannikreinhard and added some of my own findings.

Microsoft has described in a blog post (Adding a Certificate to Trusted Publishers using Intune) how to create a custom config profile to get a certificate into the Trusted Publishers store. Since there are several manual steps to read the thumbprint from the certificate and encode it to a base64 string, I wrote a script that does all this for you and automatically creates a new configuration policy.

What you need to do

I needed to export my certificate to base64 cer. I had some issues when using the DER encoded binary type. The var of thumbprint wasn't filled by the script when using DER, so the script threw some errors.

  • Install-Script -Name Add-CertificateToTrustedStore
  • Run the Add-CertificateToTrustedStore.ps1 PowerShell script
  • Enter the UPN to get an auth token for the Graph API
  • Perform the authentication
  • When the authentication is completed, a file browser will pop up. Here you can select the certificate (.cer file, Base-64 encoded X.509) that you want to distribute as a trusted certificate
  • Next you need to enter a name for the Configuration Profile in Intune
  • That’s all you need to do. The configuration profile is now successfully created in Intune.
  • Now you can assign the Configuration Profile to a group

Hope I could simplify your work with this script to create a configuration profile which imports a certificate into the Trusted Publisher store.
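
The manual steps the script automates (reading the thumbprint and Base64-encoding the certificate) can be reproduced independently to check what a profile will contain before it is assigned. This is an added example, not the Add-CertificateToTrustedStore script or Microsoft's code; the function name Get-TrustedPublisherPayload, the temp file names and the throwaway self-signed certificate are constructed for illustration. It assumes PowerShell 7, or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Illustrative helper (assumed name): derives the values a Trusted Publisher custom profile needs.
function Get-TrustedPublisherPayload {
    param([Parameter(Mandatory)][string]$Path)
    # X509Certificate2 loads both DER (binary) and Base-64 encoded .cer files.
    $cert = [X509Certificate2]::new((Resolve-Path -LiteralPath $Path).ProviderPath)
    # Collect the EKU OIDs so the certificate's purpose can be checked before it is trusted.
    $ekus = @($cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $now = Get-Date
    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint   # SHA-1 hash of the DER bytes, upper-case hex
        NotAfter           = $cert.NotAfter
        IsCurrentlyValid   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasCodeSigningEku  = ($ekus -contains '1.3.6.1.5.5.7.3.3')
        OmaUri             = "./Device/Vendor/MSFT/RootCATrustedCertificates/TrustedPublisher/$($cert.Thumbprint)/EncodedCertificate"
        EncodedCertificate = [Convert]::ToBase64String($cert.RawData)
    }
}

# Constructed sample input: a throwaway self-signed code-signing certificate, held in memory only.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Example Publisher', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$oids = [OidCollection]::new()
[void]$oids.Add([Oid]::new('1.3.6.1.5.5.7.3.3'))
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
$der = $sample.Export([X509ContentType]::Cert)

# Write the same certificate in both export formats and compare the results.
$derPath = Join-Path ([IO.Path]::GetTempPath()) 'constructed-publisher-der.cer'
$b64Path = Join-Path ([IO.Path]::GetTempPath()) 'constructed-publisher-b64.cer'
[IO.File]::WriteAllBytes($derPath, $der)
$pem = "-----BEGIN CERTIFICATE-----`n" +
    [Convert]::ToBase64String($der, 'InsertLineBreaks') + "`n-----END CERTIFICATE-----"
Set-Content -LiteralPath $b64Path -Value $pem -Encoding Ascii

$fromDer = Get-TrustedPublisherPayload -Path $derPath
$fromB64 = Get-TrustedPublisherPayload -Path $b64Path
$fromDer | Format-List Subject, Thumbprint, IsCurrentlyValid, HasCodeSigningEku, OmaUri
"Same certificate from both encodings: $($fromDer.Thumbprint -eq $fromB64.Thumbprint)"
Remove-Item -LiteralPath $derPath, $b64Path
```

A certificate that reports HasCodeSigningEku or IsCurrentlyValid as False is worth questioning before it is trusted on every device in the assigned group.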


By Semi

