This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 42%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Hi all,
I have PKI_Certificate_MP_V2_1.3.0.0 installed and it has been doing a good job of monitoring what i want.
Now, I want to stop monitoring a particular Cert so i read the MP and found the below instructions:
Basically I have to Override the Discovery in the Certificate Store:
1. In the Authoring pane, open Management Pack Objects, and click Object Discoveries.
2. On the Operations Manager toolbar, click Scope, and then filter the objects that appear in the details pane to include only Certificate Store objects.
3. From the list of discoveries, highlight the discovery Discovery of local computer's certificate store "My / Personal" (registry).
4. On the Operations Manager toolbar, click Overrides, click For all objects of another class. Choose Windows Computer.
5. In the OverridesProperties dialog box, click the Override box for the Issuer Filter - Include (RegEx) parameter.
6. Replace the default value (^.$) with CN=MYISSUINGCA, DC=DOMAIN, DC=EXT to ensure that only certificates with exactly an Issuer property value of “CN=MYISSUINGCA, DC=DOMAIN, DC=EXT” will be discovered.
7. Under Management Pack, click New to create an unsealed version of the management pack, and then click OK, or select an unsealed management pack that you previously created in which to save this override.
As a best practice, you should not save overrides to the Default Management Pack.
*Excluding certificates and CRLs is easily possible by configuring the Subject Filter - Exclude (RegEx) and Issuer Filter - Exclude (RegEx) overrides. Matching is case insensitive, “Include” AND NOT “Exclude”.**
I have tried the above steps and used the Issuer Filter - Exclude Parameter Name have managed to override one Cert Issuer labled "CN=konea, L=SantaClara, S=CA, C=US".
This has worked and is no longer getting discovered.
However, now I want to override another Cert using the Issuer Filter - Exclude parameter but i end up replacing the previous cert details.
1 - Can I override multiple Certs using this method?
2 - Do I need to change the Default value field RegEx pattern to allow for multiple name?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 39%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
If you override this to Windows Computer class - so for all computers in theory it should work like that
(CN=konea, L=SantaClara, S=CA, C=US|CN=MYISSUINGCA, DC=DOMAIN, DC=EXT)
where CN=MYISSUINGCA, DC=DOMAIN, DC=EXT is new certificate
Awesome, thanks you some much this worked perfectly.