The 1st update to the rewritten certificate management pack is ready. The update to 1.2.1.3 is mostly about more powerful filtering options for the certificate discoveries. It is now possible to use regular expressions to:
- Include / Exclude based on “Subject”
- Include / Exclude based on “Issuer”
- Exclude based on “Enhanced Key Usage” OIDs
Note that the filters have to be based on the exact string output of the certificate objects as presented in PowerShell. Check those strings before attempting to write RegEx filters, using:
ls cert:\LocalMachine\My | fl Subject, Issuer
All characters (including blanks) are taken into account. The discovery filters use .NET regular expression syntax. Please test your expressions using a suitable tool before using them for your overrides (I am often using Regex Hero but there are plenty of other options out there).
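To preview filter expressions against the exact Subject and Issuer strings on a server, the following added example (not code from the management pack) compiles each pattern with the .NET regex engine and lists which certificates would be kept. The filter names, the sample patterns, the include-then-exclude order and the case-sensitive matching are assumptions for illustration; the MP guide defines the real override parameters.

```powershell
# Added example (not MP code): preview regex filters against real certificate strings.
# Filter names, sample patterns and the include-then-exclude order are assumptions.
$filters = @{
    SubjectInclude = '^CN=.+'                      # constructed sample
    SubjectExclude = 'CN=localhost'                # constructed sample
    IssuerInclude  = ''                            # empty = filter not set
    IssuerExclude  = ''
    EkuExcludeOid  = '^1\.3\.6\.1\.5\.5\.7\.3\.2$' # Client Authentication OID
}

# Compile each pattern first so a malformed expression fails here, not in an override.
$rx = @{}
foreach ($name in $filters.Keys) {
    if ($filters[$name]) {
        $rx[$name] = New-Object System.Text.RegularExpressions.Regex -ArgumentList ($filters[$name])
    }
}

function Test-Filter($name, [string]$value, [bool]$default) {
    # Unset filters fall back to $default; set ones use case-sensitive .NET matching.
    if ($rx.ContainsKey($name)) { return $rx[$name].IsMatch($value) }
    return $default
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Collect the Enhanced Key Usage OIDs from the certificate extensions.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    $ekuHit = @($ekuOids | Where-Object { Test-Filter 'EkuExcludeOid' $_ $false }).Count -gt 0
    $keep = (Test-Filter 'SubjectInclude' $cert.Subject $true) -and
            (Test-Filter 'IssuerInclude'  $cert.Issuer  $true) -and
            -not (Test-Filter 'SubjectExclude' $cert.Subject $false) -and
            -not (Test-Filter 'IssuerExclude'  $cert.Issuer  $false) -and
            -not $ekuHit

    [pscustomobject]@{
        Kept    = $keep
        Subject = $cert.Subject      # exactly the string the pattern is matched against
        Issuer  = $cert.Issuer
        EKU     = $ekuOids -join ','
    }
} | Format-List
```

Note that PowerShell's own -match operator is case-insensitive by default, so a pattern that appears to work with -match can still miss when evaluated with default .NET options.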
Once store discovery is enabled, the default filter settings of the MP will discover any certificates with the exception of self-signed and MS NAP ones. Refer to the MP guide and the release notes if you plan to make use of the advanced filter options. And remember to override the store discovery, not the certificate one.
Download
Find the Management Pack at its home on System Center Central:
PKI Certificate Verification MP at SystemCenterCentral.com MP Catalog
My bad, this discovers certificates within a store. So my issue still exists, without enabling Root Store discovery I still see the all listed…. Thanks
All good now. Removed the MP and all overrides, re-imported, created appropriate overrides and it is looking good. Probably had an extra override I was not aware of or created an override, deleted it and the objects just stayed around to drive me nuts…