- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-01-2022 03:32 AM
Hello Community,
We want to use JEA for windows discovery following KB0965705 (Microsoft JEAv2 Profiles for Discovery) but instead of using self-signed certificates we need to use company PKI (to be built).
Our PKI SME told us we will need to create .csr from the MID server (so the subject CN=<name_of_MID_server>) which will be then used to issue a certificate by the PKI (so the Issuer will be the Issuing CA of the PKI).
I understand we will need to change the "retrieveSigningCert" function in the "JEAUtils.psm1" script on the MID server and also "initJEASession" in the "init1.ps1" script being part of the JEA profile to reflect these changed but...
The whole concept requires the public key to be distributed to the target windows servers while our PKI SME told us this should not happen as all Windows servers will trust MID server automatically.
I would appreciate some guidelines / help / experience on implementing the above KB with company PKI.
Thanks in advance!
Solved! Go to Solution.
- Labels:
-
Discovery
- 2,073 Views

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-25-2022 11:37 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-27-2022 06:42 AM
Hi
could you maybe elaborate a little bit how the KB resolves the issues or provides an answer? We are facing the same issue (or a very similar one) and re-reading KB0965705 - doesn't really help. If we are using our PKI, the assumption in my team is that we don't need to 'manually' deploy the certs to all target systems as the endpoint should trust the code-signing certs implicitly. Yet the KB is silent on that - implicitly it requires an explicit deployment of the certs which is obviously less desirable.
Thanks,
Christian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-13-2025 08:39 AM
The KB KB0965705 is very light on step by step instructions when using "company PKI" certificate. Please provide more detail.