Cisco Umbrella Root CA Certificate Installation
Purpose
This solution provides a mechanism to automatically deploy the Cisco Umbrella Root CA certificate to both Windows and Macintosh devices. By utilizing an organization-level custom field, administrators can target specific clients for deployment, ensuring secure SSL inspection and trusted communication with Cisco Umbrella services.
References:
Associated Content
Custom Fields
| Name | Type | Function |
|---|---|---|
| cPVAL Install Cisco Umbrella Root CA Certificate | Checkbox | Flag to enable installation of the Cisco Umbrella Root CA certificate on all Windows and Mac devices managed for the client. |
Automations
| Name | Function |
|---|---|
| Install Cisco Umbrella Root CA Certificate [Windows] | Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store on Windows devices. |
| Install Cisco Umbrella Root CA Certificate [Macintosh] | Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store on Macintosh devices. |
Groups
| Name | Function |
|---|---|
| Deploy Cisco Umbrella Root CA Certificate | Contains all client machines (Windows and Mac) where the organization-level custom field cPVAL Install Cisco Umbrella Root CA Certificate is enabled. |
Tasks
| Name | Function |
|---|---|
| Deploy Cisco Umbrella Root CA Certificate | Executes the Cisco Umbrella Root CA certificate installation scripts daily on machines found in the target group. |
Implementation
Step 1
Create or import the following custom field:
- cPVAL Install Cisco Umbrella Root CA Certificate
Step 2
Import the following automations:
- Install Cisco Umbrella Root CA Certificate [Windows]
- Install Cisco Umbrella Root CA Certificate [Macintosh]
Step 3
Create the following dynamic group to identify target devices:
- Deploy Cisco Umbrella Root CA Certificate
Step 4
Create the scheduled task to run the installation scripts daily:
- Deploy Cisco Umbrella Root CA Certificate
Step 5
To deploy the certificate to an organization:
- Navigate to the Organization's Custom Fields.
- Enable the checkbox for cPVAL Install Cisco Umbrella Root CA Certificate.
- Devices will automatically populate into the Deploy Cisco Umbrella Root CA Certificate group.
- The Deploy Cisco Umbrella Root CA Certificate task will run at the next scheduled interval (daily at 1:00 PM).
FAQ
Q: Why is this certificate installation necessary?
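A: Cisco Umbrella's SSL inspection presents certificates issued under the Cisco Umbrella Root CA. Installing that root certificate lets the device trust the inspection performed by Cisco Umbrella, so inspected connections and other communication with Cisco Umbrella services validate without certificate errors.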
Q: How do I deploy the certificate to a client?
A: You can enable deployment by flagging the cPVAL Install Cisco Umbrella Root CA Certificate checkbox at the Organization level. Once enabled, machines will automatically be added to the Deploy Cisco Umbrella Root CA Certificate group.
Q: Which operating systems are supported?
A: This solution supports both Windows and Mac devices. It utilizes specific automations for each OS:
- Install Cisco Umbrella Root CA Certificate [Windows] for Windows machines.
- Install Cisco Umbrella Root CA Certificate [Macintosh] for Macintosh machines.
Q: Where is the certificate installed on the device?
A: The automations download and install the certificate to the Local Machine Trusted Root store on the device.
Q: How often does the installation script run?
A: The Deploy Cisco Umbrella Root CA Certificate task runs daily (repeats every 1 day) at 1:00 PM.
Q: Does the automation reinstall the certificate every time it runs?
A: No. The automation first verifies whether the certificate (matching the specific Thumbprint) is already installed and valid. If it is, the script exits without making changes. The Install Cisco Umbrella Root CA Certificate [Windows] and Install Cisco Umbrella Root CA Certificate [Macintosh] scripts therefore deploy the certificate only when it is missing or invalid.
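The check-then-install behaviour described in the last answer, sketched for the macOS side as an added example (this is not the automation's own code). The function names are hypothetical, the pinned thumbprint and certificate path are supplied by the caller, and the sketch also refuses to install a downloaded file whose thumbprint differs from the pin.

```shell
#!/bin/sh
# Added example, not the vendor automation. The pinned thumbprint and the
# certificate path come from the caller; no real values are embedded here.
KEYCHAIN=/Library/Keychains/System.keychain

# Reduce "SHA1 Fingerprint=AB:cd:..." or "ab cd ..." to 40 upper-case hex chars.
normalize_thumbprint() {
    tp=$(printf '%s' "${1##*=}" | tr -d ': \r\n' | tr 'abcdef' 'ABCDEF')
    case "$tp" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#tp}" -eq 40 ] || return 1
    printf '%s\n' "$tp"
}

# stdin: output of `security find-certificate -a -Z`; $1: normalized thumbprint.
keychain_lists_thumbprint() {
    awk -v want="$1" '$1 == "SHA-1" && $2 == "hash:" && toupper($3) == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# SHA-1 thumbprint of a certificate file, trying PEM first and then DER.
file_thumbprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1 2>/dev/null) ||
        fp=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1) || return 1
    normalize_thumbprint "$fp"
}

# $1: pinned thumbprint, $2: thumbprint of the downloaded file, stdin: keychain
# listing. Prints skip (already present), install (file matches pin) or reject.
decide() {
    pinned=$(normalize_thumbprint "$1") || { echo reject; return 0; }
    if keychain_lists_thumbprint "$pinned"; then echo skip; return 0; fi
    candidate=$(normalize_thumbprint "$2") || { echo reject; return 0; }
    if [ "$candidate" = "$pinned" ]; then echo install; else echo reject; fi
}

main() {  # usage: script.sh <cert-file> <pinned-thumbprint>, run as root
    action=$(security find-certificate -a -Z "$KEYCHAIN" |
        decide "$2" "$(file_thumbprint "$1")")
    case "$action" in
        skip)    echo "pinned root already present in $KEYCHAIN" ;;
        install) security add-trusted-cert -d -r trustRoot -k "$KEYCHAIN" "$1" ;;
        *)       echo "thumbprint does not match the pin; not installing" >&2; return 1 ;;
    esac
}
if [ "$#" -eq 2 ]; then main "$@"; fi
```

Comparing the downloaded file against the pin before `add-trusted-cert` means a tampered or substituted download is rejected rather than added as a trusted root.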