March 2, 2017 at 1:51 pm #65581
I am trying to install a certificate for a website under a dsc push installation. I keep getting this error...
PowerShell DSC resource MSFT_xPfxImport failed to execute Test-TargetResource functionality with error message:
Cannot validate argument on parameter 'Thumbprint'. 'b748609391b8ccf7f79b9920112b527d15124a7e' is not a valid hash.
+ CategoryInfo : InvalidOperation: (:) , CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName :
This is the code I am running
AriesThumbprint = 'b748609391b8ccf7f79b9920112b527d15124a7e' # Aries wildcard cert
AriesCertPath = 'D:\Supporttools\Certificates\LogViewer.pfx' # path to the Aries "Server" cert
AriesCredential = 'LogViewer'
CertLocation = 'LocalMachine'
Thumbprint = $Node.AriesThumbprint
Path = $Node.AriesCertPath
Location = $Node.CertLocation
Store = $Node.CertStoreName
Credential = $AriesCredential
Exportable = $true
Ensure = 'Present'
DependsOn = @('[WindowsFeature]IIS')
The xCertificate module is version is version 184.108.40.206
It's got to be something simple I am overlooking. Any Ideas?
Thanks for any help,
March 6, 2017 at 5:39 pm #65887
Can you verify that the thumbprint shows up correctly when you use the CERT: drive on the node, and that it shows up in the Machine store on the node?
March 7, 2017 at 2:59 pm #65949
The thumbprint does not show up on the node at all. I am installing a website on the server and I am using this cert to encrypt traffic to that site. So it exists only on the machine I am running the configuration from.
March 7, 2017 at 3:03 pm #65950
So... the Credential might be the problem. I'm having some trouble following the code in the resource, though – have you considered reaching out to the author, at https://www.briantist.com/project/xpfximport-dsc-resource-for-importing-certificates-and-keys/?
March 15, 2017 at 9:20 pm #66516
I have taken your advice and asked my question of Briantist.
May 13, 2017 at 7:51 pm #70588
Did you get anywhere with this – I have a very similar issue. For the xCertificate resources fails with the same issue BUT ONLY when its runs immediately after a resource which downloads the cert. If I run the configuration on its own (eg don't download but use the local file) it imports fine. Its driving me crazy
May 24, 2017 at 6:09 pm #71452
Is the path of the pfx file on the server you are trying to import the cert?
I was able to import the cert by including the PsDscRunAsCredential in the xPfxImport resource, but I did that as I am importing the certificate from a network location.
Hope this helps.
You must be logged in to reply to this topic.