Certificate Monitoring and Overrides

Saiyad Rahim 311 Reputation points

Hi all,

I have PKI_Certificate_MP_V2_1.3.0.0 installed and it has been doing a good job of monitoring what i want.
Now, I want to stop monitoring a particular Cert so i read the MP and found the below instructions:

Basically I have to Override the Discovery in the Certificate Store:

1. In the Authoring pane, open Management Pack Objects, and click Object Discoveries.
2. On the Operations Manager toolbar, click Scope, and then filter the objects that appear in the details pane to include only Certificate Store objects.
3. From the list of discoveries, highlight the discovery Discovery of local computer's certificate store "My / Personal" (registry).
4. On the Operations Manager toolbar, click Overrides, click For all objects of another class. Choose Windows Computer.
5. In the OverridesProperties dialog box, click the Override box for the Issuer Filter - Include (RegEx) parameter.
6. Replace the default value (^.
$) with CN=MYISSUINGCA, DC=DOMAIN, DC=EXT to ensure that only certificates with exactly an Issuer property value of “CN=MYISSUINGCA, DC=DOMAIN, DC=EXT” will be discovered.
7. Under Management Pack, click New to create an unsealed version of the management pack, and then click OK, or select an unsealed management pack that you previously created in which to save this override.
As a best practice, you should not save overrides to the Default Management Pack.

*Excluding certificates and CRLs is easily possible by configuring the Subject Filter - Exclude (RegEx) and Issuer Filter - Exclude (RegEx) overrides. Matching is case insensitive, “Include” AND NOT “Exclude”.**

I have tried the above steps and used the Issuer Filter - Exclude Parameter Name have managed to override one Cert Issuer labled "CN=konea, L=SantaClara, S=CA, C=US".
This has worked and is no longer getting discovered.

However, now I want to override another Cert using the Issuer Filter - Exclude parameter but i end up replacing the previous cert details.

1 - Can I override multiple Certs using this method?
2 - Do I need to change the Default value field RegEx pattern to allow for multiple name?


Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,249 questions
No comments
{count} votes

Accepted answer
  1. Fursel 336 Reputation points

    If you override this to Windows Computer class - so for all computers in theory it should work like that

    (CN=konea, L=SantaClara, S=CA, C=US|CN=MYISSUINGCA, DC=DOMAIN, DC=EXT)

    where CN=MYISSUINGCA, DC=DOMAIN, DC=EXT is new certificate

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful