Comments (7)
Actually this wouldn't be too bad. CertReq.exe handles this if requesttype is 'Cert'. We would need to add a parameter, either a boolean for self-signed or just expose RequestType and validate against a list. Thoughts?
https://technet.microsoft.com/en-us/library/dn296456(v=ws.11).aspx
from certificatedsc.
Since the resource is already using CertReq.exe to do the work, I don't see a problem extending it to do this as well. I would expect the resource to be able to do anything CertReq.exe is capable of (eventually). In that sense I think exposing RequestType is the right move (using a ValidateSet).
When parameter RequestType is 'Cert' I guess there needs to be a new code path. When running certreq.exe -new -machine SelfSignedCert.inf sqltest.company.local.cer it automatically installs the certificate to both the stores Cert:\LocalMachine\My and Cert:\LocalMachine\CA, as well as writing the certificate to disk. But for the certificate to be trusted we also need to add it to the Cert:\LocalMachine\root store; it does not do this automatically.
from certificatedsc.
Hi @shurick81 - unfortunately not using xCertificate at this time. Although this could potentially be added as a new resource.
Alternately, for now you could use the Script or xScript resource to do this fairly easily.
The problem though is that we'd want to use the New-SelfSignedCertificate cmdlet to do the work in this resource, but unfortunately, this cmdlet was only introduced in Windows 10/Windows Server 2016 with full functionality. It did exist in Windows Server 2012/R2, but it was very limited in functionality. So whether or not such a resource would work would depend on the Windows OS version. However, there is a script in MS Script center that could be used to issue certs on older OS's, but I'm not sure how easy it would be to bring in.
All worth considering though. I'm not sure I'd have the time to look into this for a while though - bit of a backlog! Although someone else might wish to contribute something.
from certificatedsc.
I didn't actually realize certreq.exe could be used to generate self-signed certs. So if it can do this then we should definitely make use of it. I reckon it wouldn't be too difficult to stitch this into xCertReq.
@johlju - good thinking on needing to add this to the trusted store - but we'd probably want to make this optional (by adding a switch), because sometimes you might want to create the cert and then export it as a PFX/CER for use in something other than the certificate store.
I'm going to try and get some time this weekend on DSC, but I'll probably be putting any DSC time into getting some of the xScheduledTask features added.
from certificatedsc.
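The certreq.exe flow discussed in the comments above, sketched as an added example that is not part of the original thread or of the CertificateDsc code base. The function name, the `-TrustCertificate` switch and the INF values are assumptions; it covers only the self-signed `RequestType = Cert` path and must run elevated.

```powershell
# Added example: names and INF values are illustrative assumptions, not project code.
function New-CertReqSelfSignedCertificate
{
    [CmdletBinding()]
    param
    (
        # Restricted to host-name characters so the value cannot inject extra INF lines.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9.-]+$')]
        [System.String]
        $Subject,

        # Opt-in: trusting the certificate is not wanted when it is only exported.
        [System.Management.Automation.SwitchParameter]
        $TrustCertificate
    )

    $workDir = Join-Path -Path $env:TEMP -ChildPath ([System.Guid]::NewGuid().ToString())
    $null = New-Item -Path $workDir -ItemType Directory
    $infPath = Join-Path -Path $workDir -ChildPath 'SelfSignedCert.inf'
    $cerPath = Join-Path -Path $workDir -ChildPath "$Subject.cer"

    # RequestType = Cert makes certreq.exe issue a self-signed certificate.
    # Key usage and EKU are limited to TLS server authentication so that a
    # certificate later placed in the Root store is not valid for other purposes.
    @"
[NewRequest]
Subject = "CN=$Subject"
KeyLength = 2048
HashAlgorithm = SHA256
Exportable = FALSE
MachineKeySet = TRUE
RequestType = Cert
KeyUsage = 0xA0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path $infPath -Encoding Ascii

    # -machine targets the LocalMachine stores; -q suppresses interactive prompts.
    & certreq.exe -new -machine -q $infPath $cerPath
    if ($LASTEXITCODE -ne 0) { throw "certreq.exe failed with exit code $LASTEXITCODE" }

    if ($TrustCertificate)
    {
        # certreq.exe does not do this step itself (see the comment above).
        $null = Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root'
    }
    return $cerPath
}
```

Because the private key is created non-exportable here, a PFX export scenario would need `Exportable = TRUE` in the INF.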
Hi, do you know if this is still on the table? I tried to find any other DSC resources for generating self-signed certs, but no luck so far.
from certificatedsc.
Hi @shurick81 - yes, this is definitely on the table. Ideally someone in the community will have one already that they want to contribute, but if not it'll be something I get to when I have the time. Sorry it does take so long though.
from certificatedsc.
Relabeled to Help wanted so that someone in the community can run with this.
from certificatedsc.