Documents on digital certificates and their implementation and management
View all tagsThis monitor looks for any SSL certificates that have an expiration date of less than 30 days. This solution is effective for catching machines that may have been missed and do not have active reminders in place for certificate renewals. Additionally, the difference between the certification addition and expiration should be at least 30 days to trigger an alert.
Select the operating system to enable monitoring and alerts for certificates that will expire in the next 30 days.
Group of machines with certificate expiration monitoring enabled.
This solution outlines the steps for identifying and monitoring Windows certificates that are set to expire within the next 30 days through CW RMM.
This solution provides a mechanism to automatically deploy the Cisco Umbrella Root CA certificate to both Windows and Macintosh devices.
A group tailored for Windows Servers that have the Active Directory Certificate Services role installed.
Flag this checkbox to enable installation of the Cisco Umbrella Root CA certificate on all Windows and Mac devices managed for the client. This ensures secure SSL inspection and trusted communication with Cisco Umbrella services.
This custom field shows whether Secure Boot is enabled on the device.
Devices with Secure Boot disabled for compliance and security monitoring.
This task checks and records the SecureBoot status on devices, including SecureBoot certificates.
This custom field shows the status of the Windows Secure Boot Database (DB) certificate.
This custom field displays the status of the Windows Key Exchange Key (KEK) certificate.
This custom field indicates the current telemetry (diagnostic data) level on Windows. Shows whether Windows telemetry is enabled and its level (Basic, Enhanced, Full)
This group contains all client machines (Windows and Mac) where the organization-level custom field "cPVAL Install Cisco Umbrella Root CA Certificate" is enabled. A task runs daily against this group to install or verify the Cisco Umbrella.
Executes Cisco Umbrella Root CA certificate installation script daily on machines in target group.
Flag this custom field to exclude computer from the certification expiration monitoring.
Flag this custom field to exclude location from the certification expiration monitoring.
Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store.
Downloads and installs the Cisco Umbrella Root CA certificate to the Local Machine Trusted Root store.
This script remediates UEFI Secure Boot compliance for Windows 2026 by ensuring systems have the required 2023 UEFI certificates (KEK and db), enabling Microsoft-managed certificate updates, and reporting the remediation status. It validates Secure Boot, configures registry keys for automatic updates, monitors servicing status, and logs results.
This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.
This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates. The custom fields are updated to reflect the compliant status.
This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.
This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026.
Automate role to detect if a Windows agent has the updated 2023 DB Certificate
Automate role to detect if a Windows agent has the updated 2023 KEK Certificate
Details all the Custom Fields related to Windows Secure Boot Audit
This solution helps to display the status of key certificate and configurations that will be needed before the current secure boot certificates expire.
Fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.
This solution fetches the status of key certificate and configurations that will be needed before the current secure boot certificates expire.
Dataview to display the status of certificate and configurations needed for secure boot