Ignore certificate certain issuer

[Akito01]

Hello,

I can't seem to ignore certificates that have been issued by a certain issuer. How can I achieve such thing?

[rafabu]

filtering by various attributes (among them "Issued by") is implemented by setting regular expression based filters. These are applied in the form of overrides to the discovery of the certificate store, not the actual certificate discovery. Override the discovery called 'Discovery of local computer's certificate store "My / Personal" (registry)' for example.

• Issuer Filter - Include (RegEx)
• Issuer Filter - Exclude (RegEx) Please see the MP guide for details.

[JiiPee-svg]

First thank You for nice MP.

Would You give some advice for using regex, when I need many exclusion?

Example:

Certificate Issuer: CN=Microsoft PolicyKeyService Certificate Authority Certificate Issuer: CN=connectorregistrationca.msappproxy.net Certificate Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Application Integration 2 Certification Authority Certificate Issuer: E=Security@FileMaker.com, CN=FMI Default Certificate, O="FileMaker, Inc.", L=Santa Clara, S=California, C=US

What is "right formula" for regex configuration, when I do not want discover these certificates? You could add examples also to mp document.

[JiiPee-svg]

Example override "formula" for Issuer filter - Exclude: CN=connectorregistrationca.msappproxy.net|CN=Microsoft PolicyKeyService Certificate Authority|CN=Hyper-V Integration Service|CN=Microsoft Intune NDES Connector CA|CN=ClusInfraCert.*

Last one like for CN=ClusInfraCert_01062020_14062020 etc. Other exact CN issuers for certificate

[BCornelissen]

It looks like this is a documentation item. Initial question has been answered. We will have a further look at the documentation to verify if the second question would have been handled, or else we may look at making some example.