I’m attempting to create a WEF policy to forward security logs from a modest set of servers to a series of load-balanced collectors (running on Linux).
The team I’m working with does not want to use Kerberos, and so wants to use Cert Auth.
I’ve solved the Server/collector side cert issues, but I’m not sure how to handle the client side cert.
Our servers have PKI-issued certs in their personal stores. These certs come from either IssuerCA1 or IssuerCA2, and some servers may have one from each for various reasons.
I wanted to create a single GPO to push a subscription config similar to this:
Server=https://WECCollector:5986/wsman/SubscriptionManager/WEC,Refresh=60,IssuerCA=0238bd28hfb383n8fn38fn
But since I have to specify the thumbprint of the issuing CA, I have to anticipate which issuer CA thumbprint to use based on the individual server.
If a server had only 1 cert, I could push a GPO that had 2 subscriptions, one with each IssuerCA thumbprint, and one subscription would just fail to be created, but some of the servers have a cert in the personal store from each CA.
Any idea what I could do here to only have to push a single config?
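
An added example, not part of the original post: a PowerShell inventory that lists, for each usable client-authentication certificate in a server's Personal store, the CA thumbprints in its chain and which candidate issuers they match, so the servers holding a certificate from each CA can be identified. The `$CandidateIssuers` values are placeholders for the real IssuerCA1 and IssuerCA2 thumbprints, and the column names are hypothetical.

```powershell
# Added example: which candidate issuing CAs back the client-auth certificates
# in this machine's Personal store. Placeholders below must be replaced with
# the real CA thumbprints (assumption: they are known to the operator).
param(
    [string[]]$CandidateIssuers = @('<IssuerCA1-thumbprint>', '<IssuerCA2-thumbprint>')
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Client authentication needs a private key and a currently valid cert.
    if (-not $cert.HasPrivateKey) { continue }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { continue }

    # Keep certs whose EKU allows client auth (no EKU extension = any purpose).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $clientAuthOid)) { continue }

    # Build the chain without revocation lookups; element 0 is the leaf,
    # the remaining elements are the CAs above it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($cert)
    $caThumbprints = @($chain.ChainElements | Select-Object -Skip 1 |
        ForEach-Object { $_.Certificate.Thumbprint })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Subject        = $cert.Subject
        LeafThumbprint = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        ChainCAs       = $caThumbprints -join ';'
        MatchedIssuers = @($CandidateIssuers |
            Where-Object { $caThumbprints -contains $_ }) -join ';'
    }
}

# Rows for the same computer that match different candidates indicate a server
# holding a client certificate under each CA, the case described in the post.
$report | Format-Table -AutoSize
```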