The only way to automate that is to use the ConfigureBroker utility, which can be found here (along with some warnings about the security implications of trying to automate this process):
Once you've followed the article listed above and create your brokerconfig.lng file, you just need to make sure that the brokerconfig.lng file gets put in the %programfiles%\LANDesk\Shared Files\cbaroot\broker folder, and that any other certificates listed there (if there are any old, bad certificates) are deleted. You can package that up however you want. In the past I've made a self contained executable using NSIS or AutoIt, and both work well. You could also use a WinZip auto-extracting executable, or any other packaging tool. I've also simply used a batch file to copy the file down, but then it's not a single file to be used. One last thing I've seen people do is simply send the .lng file as an attachment and tell their users to put it in the appropriate folder. Depending on how good your end users are at following directions that may or may not be a good solution.
How you get the file down to your client is determined by you for your scenario, but at the end of the day this is as simple as creating a file, and dropping that file in a folder.
Just as a quick example, here's a batch file that would do the job, if the .lng file is located in the same location:
REM Clear out any old broker certs, if any
del /f /q "%programfiles%\LANDesk\Shared Files\cbaroot\broker\*"
REM Copy .lng file into the broker folder
copy /y brokerconfig.lng "%programfiles%\LANDesk\Shared Files\cbaroot\broker\"
If the devices are, or ever will be on site (or in direct communication with the core through VPN, etc.) you can also simply run the Create Client Certificate for Management Gateway script that is included in the Manage Scripts section of LDMS. This will work internally only, but doesn't require any setup. In your scenario I'm making the assumption that you need this to work externally.