Writing Certificate Relevance

eg2428 2023-11-16 21:34:00 UTC #1

I’m installing a certificate as part of my fixlet, and I’d like to verify it was installed correctly via relevance.

When I list my cert thumbprints, I can identify the cert I’m looking for (the second one below).

Q: (names of keys of keys "Certificates" of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries))
A: 02FAF3E291435468607857694DF5E45B68851868
[...]
A: 2AB08D9D977B550B661D1D37565789F3D335D865 <-- this one
[...]
T: 29343

I then want to check that it exists, so I run the following:

Q: exists it whose (it is "2ab08d9d977b550b661d1d37565789f3d335d865") of (names of keys of keys "Certificates" of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries))
A: False
T: 6007

Which tells me it doesn’t exist. However, if I run the same code on (seemingly) any other key:

Q: exists it whose (it is "02FAF3E291435468607857694DF5E45B68851868") of (names of keys of keys "Certificates" of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" of (x64 registries; x32 registries))
A: True
T: 595

It successfully tells me it does exist. I tried with ~5 other keys some work fine, but others don’t.

Similarly, putting in a known bad value returns False as well.

Anyone know what the cause could be?

Aram 2023-11-16 21:40:45 UTC #2

At first glance, this appears to be a case-sensitivity issue?

Try something like:

Q: exists it whose (it as lowercase is “2ab08d9d977b550b661d1d37565789f3d335d865” as lowercase) of (names of keys of keys “Certificates” of keys of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates” of (x64 registries; x32 registries))

eg2428 2023-11-16 21:48:14 UTC #3

Thank you! That was it. Didn’t realize the thumbprint I was copying from the Certificate Store was all lowercase, and BigFix was return all caps. Resolved, thanks again.