Distributing trusted certificates to devices

There are two ways you can deploy trusted certificates to devices:

  1. Deploy a device setup configuration that includes the core server trusted certificates you want.
  2. Use a software distribution job to directly copy the trusted certificate files you want to each device.

Each additional core server trusted certificate (<hash>.0) that you want devices to use must be copied to the core server's ldlogon folder. Once the trusted certificate is in this folder, you can select it within the device setup dialog's Common base agent page. Device setup copies keys to this folder on devices:

  • Windows devices: \Program Files\LANDesk\Shared Files\cbaroot\certs
  • Mac OS X devices: /usr/LANDesk/common/cbaroot/certs

If you want to add a core server's certificate to a device, and you don't want to redeploy device agents through device setup, create a software distribution job that copies <hash>.0 to the folder specified above on the device. You can then use the Scheduled tasks window to deploy the certificate distribution script you created.

The following is an example of a custom script that can be used to copy a trusted certificate from the ldlogon folder of the core server to a device. To use this, replace "d960e680" with the hash value for the trusted certificate you want to deploy.

; Copy a trusted certificate from the ldlogon directory of the core server

; into the trusted certificate directory of the client

[MACHINES]

REMCOPY0=%DTMDIR%\ldlogon\d960e680.0, %TRUSTED_CERT_PATH%\d960e680.0