I created a fixlet to import a root cert, but the relevance is not working, its showing computers but some have the root and the ones don’t have it it doesn’t show at all.
For windows:
not exists certificates whose (lowercase(thumbprint of it) = “*************”) of root and (not operating system of it contains “Linux”) and operating system of it contains “Win”
It still shows Linux computers and computers that don’t have this root cert i’m calling for.
For Linux:
I’ve tried something similar and won’t show any Linux systems at all. I even tried checking for the existence of .CER file and it won’t even work.
What am I doing wrong here?
I don’t think this is Relevance language. What does any of this return in the Fixlet Debugger? I don’t think ‘certificates of root’ is a thing.
You may want to check a related thread on using Strawgate’s C3 content to probe for certificate details at Thumbprint of a certificate
If this is just for the Windows trusted certificate stores, you may also check the names of registry keys via
q: names of keys of keys “Certificates” of keys whose(name of it as uppercase contains “CA” OR name of it as uppercase contains “ROOT”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates” of (x64 registries; x32 registries)
A: 02FAF3E291435468607857694DF5E45B68851868
A: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
A: 06F1AA330B927B753A40E68CDF22E34BCBEF3352
A: 07E032E020B72C3F192F0628A2593A19A70F069E
Each of those key names should match the SHA1 thumbprint of the associated certificate for trusted root authorities, so you may be able to check whether your expected certificate is in that list.
1 Like