How-to use xCertificateImport right after xCertReq to save public key to disk? about certificatedsc HOT 7 CLOSED

Hi @Yvand - xCertifiicateImport unfortunately can't export certificates. It can only import them into the WIndows Certificate Store.

What you need is xCertificateExport (or xPFFExport for certs with private keys) - which is a resource I've been meaning to implement for some time but forgot to make the request. I've now raised the resource request ( #41 ).

This resource would take some combination of information (thumbprint, subject, SAN etc. ) and export the cert as an x509 if it wasn't found.

I can try and spend a bit of time over the next week or so and get these resources in place for you (a couple of my teams could use this themselves as well). So if you don't mind giving me a few weeks I'll get it done for you.

from certificatedsc.

Hi @PlagueHO, AWESOME!
I'll definitely wait, in the meantime I'll probably work around this with a script resource that uses Export-Certificate cmdlet, but a dedicated resource would be far better.

from certificatedsc.

@Yvand - no problem! A pleasure doing it + our teams can definitely use this too. We have also been using xScript to perform the certificate export (and subsequent conversion to Java Key Store files in some cases).

from certificatedsc.

Hi @Yvand - sorry, I forgot to follow up on this. I created the xCertificateExport and it was released to the resource kit (I can't remember which version). Have you had a chance to try it? Did it cover your use case? If so, can we close this?

from certificatedsc.

Hi @PlagueHO, thank you very much for this, it's exactly what I needed!
In the meantime I implemented a custom script and, to be honest, I didn't update yet the configuration to use the new resource xCertificateExport.
Below is the custom script I wrote as a workaround:

xScript ExportCertificates
{
	SetScript = 
	{
		Write-Verbose -Message "Exporting public key of certificates..."
		New-Item F:\Setup -Type directory -ErrorAction SilentlyContinue
		$signingCert = Get-ChildItem -Path "cert:\LocalMachine\My\" -DnsName "$using:ADFSSiteName.Signing"
		$signingCert| Export-Certificate -FilePath "F:\Setup\ADFS Signing.cer"
		Get-ChildItem -Path "cert:\LocalMachine\Root\" | ?{$_.Subject -eq  $signingCert.Issuer}| Select-Object -First 1| Export-Certificate -FilePath "F:\Setup\ADFS Signing issuer.cer"
		Write-Verbose -Message "Public key of certificates successfully exported"
	}
	GetScript =  
	{
		# This block must return a hashtable. The hashtable must only contain one key Result and the value must be of type String.
		return @{ "Result" = "false" }
	}
	TestScript = 
	{
		# If it returns $false, the SetScript block will run. If it returns $true, the SetScript block will not run.
	   return $false
	}
	DependsOn = "[WindowsFeature]AddADFS"
}

It's not on the top of my todo list at the moment but I will definitely update the configuration to use resource xCertificateExport, the less I use custom scripts, the better.

from certificatedsc.

Hi @Yvand - thanks for posting your work around script - it is similar to what I'd used before creating this resource! 😁

Can we close this issue?

from certificatedsc.

Sure, sorry for my late reply!

from certificatedsc.