Comments (7)
Hi @Yvand - xCertificateImport unfortunately can't export certificates. It can only import them into the Windows Certificate Store.
What you need is xCertificateExport (or xPFFExport for certs with private keys) - which is a resource I've been meaning to implement for some time but forgot to make the request. I've now raised the resource request (#41).
This resource would take some combination of information (thumbprint, subject, SAN, etc.) and export the cert as an x509 if it wasn't found.
I can try and spend a bit of time over the next week or so and get these resources in place for you (a couple of my teams could use this themselves as well). So if you don't mind giving me a few weeks I'll get it done for you.
from certificatedsc.
Hi @PlagueHO, AWESOME!
I'll definitely wait; in the meantime I'll probably work around this with a script resource that uses the Export-Certificate cmdlet, but a dedicated resource would be far better.
from certificatedsc.
@Yvand - no problem! A pleasure doing it + our teams can definitely use this too. We have also been using xScript to perform the certificate export (and subsequent conversion to Java Key Store files in some cases).
from certificatedsc.
Hi @Yvand - sorry, I forgot to follow up on this. I created the xCertificateExport and it was released to the resource kit (I can't remember which version). Have you had a chance to try it? Did it cover your use case? If so, can we close this?
from certificatedsc.
Hi @PlagueHO, thank you very much for this, it's exactly what I needed!
In the meantime I implemented a custom script and, to be honest, I haven't yet updated the configuration to use the new resource xCertificateExport.
Below is the custom script I wrote as a workaround:
xScript ExportCertificates
{
    SetScript =
    {
        Write-Verbose -Message "Exporting public key of certificates..."
        New-Item F:\Setup -Type directory -ErrorAction SilentlyContinue
        $signingCert = Get-ChildItem -Path "cert:\LocalMachine\My\" -DnsName "$using:ADFSSiteName.Signing"
        $signingCert | Export-Certificate -FilePath "F:\Setup\ADFS Signing.cer"
        Get-ChildItem -Path "cert:\LocalMachine\Root\" | Where-Object { $_.Subject -eq $signingCert.Issuer } | Select-Object -First 1 | Export-Certificate -FilePath "F:\Setup\ADFS Signing issuer.cer"
        Write-Verbose -Message "Public key of certificates successfully exported"
    }
    GetScript =
    {
        # This block must return a hashtable. The hashtable must only contain one key Result and the value must be of type String.
        return @{ "Result" = "false" }
    }
    TestScript =
    {
        # If it returns $false, the SetScript block will run. If it returns $true, the SetScript block will not run.
        return $false
    }
    DependsOn = "[WindowsFeature]AddADFS"
}
It's not at the top of my todo list at the moment, but I will definitely update the configuration to use the xCertificateExport resource; the less I use custom scripts, the better.
from certificatedsc.
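An added example, not part of the thread or the CertificateDsc project: the workaround above rewritten so that TestScript compares the thumbprint of the exported file with the certificate in the store, and SetScript runs only when they differ. It assumes the built-in Script resource in place of xScript, covers only the signing certificate, and uses a hypothetical configuration name; the file path and DNS name pattern are the ones from the comment above.

```powershell
# Added example; the configuration name ExportAdfsSigningCert is hypothetical.
Configuration ExportAdfsSigningCert
{
    param ([Parameter(Mandatory = $true)] [string] $ADFSSiteName)

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost
    {
        Script ExportSigningCert
        {
            GetScript  = {
                # Report the thumbprint of the exported file, or '' when it is absent.
                $file  = 'F:\Setup\ADFS Signing.cer'
                $thumb = ''
                if (Test-Path -Path $file) {
                    $thumb = (New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file).Thumbprint
                }
                return @{ Result = $thumb }
            }
            TestScript = {
                $file    = 'F:\Setup\ADFS Signing.cer'
                $dnsName = "$using:ADFSSiteName.Signing"
                # If several certificates match, track the one that expires last.
                $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' -DnsName $dnsName |
                    Sort-Object -Property NotAfter -Descending | Select-Object -First 1
                # No certificate or no file: not in the desired state, so SetScript runs.
                if (-not $cert -or -not (Test-Path -Path $file)) { return $false }
                $exported = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
                # In the desired state only when the file holds the current store certificate.
                return ($exported.Thumbprint -eq $cert.Thumbprint)
            }
            SetScript  = {
                $file    = 'F:\Setup\ADFS Signing.cer'
                $dnsName = "$using:ADFSSiteName.Signing"
                $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' -DnsName $dnsName |
                    Sort-Object -Property NotAfter -Descending | Select-Object -First 1
                # Fail loudly instead of writing nothing and reporting success.
                if (-not $cert) { throw "No certificate with DNS name '$dnsName' in LocalMachine\My" }
                New-Item -Path (Split-Path -Path $file) -ItemType Directory -Force | Out-Null
                # Export-Certificate writes the public certificate only, never the private key.
                Export-Certificate -Cert $cert -FilePath $file -Type CERT -Force | Out-Null
            }
        }
    }
}
```

After a certificate renewal the thumbprints no longer match, so the next consistency check re-exports the file instead of leaving a stale certificate on disk.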
Hi @Yvand - thanks for posting your workaround script - it is similar to what I'd used before creating this resource! 😁
Can we close this issue?
from certificatedsc.
Sure, sorry for my late reply!
from certificatedsc.