Automate the installation and signing of Linux Certificates for SCOM


Assembly will be required. You will need to look at the scripts in each of the steps and adjust accordingly to your test environment. As always, test in your test environment.


From time to time, I am finding myself either standing up a new Linux box in my environment or helping customers with deploying the Linux agent install files and walking them through the process of signing the certificates. So, I thought, why not automate this, and make it a repeatable process. To Orchestrator we go.

Below is the runbook I used in my lab environment to accomplish this.

What you will need:

  1. Downloads: plink and pscp are available here. These will be used to transfer files and connect to the Linux agent.
  2. Variables:
    1. $linuxUsername = A variable for the Linux username”
    2. $linuxPassword = “A variable for the Linux username password”
    3. $Target = “This is the fqdn that is first step that must be entered.”
  3. Shares to store your Linux Certificates for the original and signed certificates

The Runbook:

  1. Initialize Data – this is the name of the Linux server. You will Need to put in the FQDN as this field is called later in the scripts for the file naming.


  1. Check Machine Is Online – This is just a simple script (not my own) that I came across that check to see if the server is online and reachable
  2. Accept Client Key – This is just a simple script (not my own) to ensure the unique key of a new plink target is accepted.
  3. Create SCOM Agent Folder – Creates the scomagent folder under /tmp
  4. Copy SCOM installation Files – This contains the filename of the Linux agent. This step will need to be updated when the agent files are updated. Example:
  5. Install SCOM sh file – Installs the Linux SCOM agent file.
  6. Transfer cert from Linux to MS – Transfers a copy of the local SCOM agent certificate that will be signed.
  7. Sign Linux Certificate – Signs the Linux certificate for communication with SCOM
  8. Copy the New Certificate – Copies the signed certificate over to the Linux agent.
  9. Rename old certificate – Renames and keeps the old cert.
  10. Rename new certificate – Renames the new certificate to the original name. This is needed for the agent to communicate with SCOM.
  11. Restart the agent – Restarts the scxadmin service for the certificate to be used.


That’s it. Your Linux box is now ready for discovery in SCOM.

Download the Runbook here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s