
This post is based on an existing OpsMgr product group (PG) post: Troubleshooting Ops Mgr Certificate issues with Powershell. For me, the existing script returns overloaded information to the user and is not easy to understand. It also misses some points:

  • certificates might be issued by 3rd party Certification Authorities (CAs), and the SerialNumber does not always have a fixed length. Therefore, in some cases the script incorrectly converts the certificate serial number to its actual value;
  • by default, the X509Chain.Build() method (for operating systems prior to Windows 7/Server 2008 R2) attempts to build a chain up to any root certificate that is stored in the Trusted Root CAs container in the CurrentUser store. This means that while the original script returns an "Ok" status, the OpsMgr Agent may not work with this certificate, because the root certificate doesn't exist in Trusted Root CAs in the LocalMachine store.
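
The difference between the two store contexts can be made visible by building the chain twice, as in this added example (it is not the PG script or code from the original post). The function name `Test-CertificateChainContext`, the choice of the `Cert:\LocalMachine\My` store and the disabled revocation check are assumptions made for the illustration.

```powershell
# Added example. Test-CertificateChainContext is a hypothetical helper name.
function Test-CertificateChainContext {
    param(
        [Parameter(Mandatory = $true)]
        [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $report = New-Object psobject -Property @{
        Subject        = $Certificate.Subject
        Thumbprint     = $Certificate.Thumbprint
        UserContext    = $null
        MachineContext = $null
        MachineErrors  = $null
        Verdict        = $null
    }
    foreach ($useMachineContext in $false, $true) {
        # X509Chain(bool): $true limits the chain engine to the LocalMachine stores,
        # $false also lets it use the stores of the user running the script.
        $chain = New-Object Security.Cryptography.X509Certificates.X509Chain $useMachineContext
        # Assumption: revocation checking is off so that only trust anchoring is compared.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $ok = $chain.Build($Certificate)
        if ($useMachineContext) {
            $report.MachineContext = $ok
            $report.MachineErrors  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        } else {
            $report.UserContext = $ok
        }
        $chain.Reset()
    }
    # The case from the second bullet: valid for the user, not for the machine.
    if ($report.MachineContext) {
        $report.Verdict = 'Ok'
    } elseif ($report.UserContext) {
        $report.Verdict = 'Root is trusted only through the CurrentUser store'
    } else {
        $report.Verdict = 'Chain fails in both contexts'
    }
    $report
}

# Assumption: the certificates to check are in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-CertificateChainContext $_ }
```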

Another point is: what do we want to get from the script? I think that we just want to know:
