Certificate install Problem

This topic contains 6 replies, has 4 voices, and was last updated by Profile photo of Chris Liquori Chris Liquori 7 hours ago.

  • Author
    Posts
  • #65581
    Profile photo of Ed Higginson
    Ed Higginson
    Participant

    I am trying to install a certificate for a website under a dsc push installation. I keep getting this error...

    PowerShell DSC resource MSFT_xPfxImport failed to execute Test-TargetResource functionality with error message:
    Cannot validate argument on parameter 'Thumbprint'. '‎b748609391b8ccf7f79b9920112b527d15124a7e' is not a valid hash.
    + CategoryInfo : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName :

    This is the code I am running
    AriesThumbprint = '‎b748609391b8ccf7f79b9920112b527d15124a7e' # Aries wildcard cert
    AriesCertPath = 'D:\Supporttools\Certificates\LogViewer.pfx' # path to the Aries "Server" cert
    AriesCredential = 'LogViewer'
    CertLocation = 'LocalMachine'

    xPfxImport SiteCert
    {
    Thumbprint = $Node.AriesThumbprint
    Path = $Node.AriesCertPath
    Location = $Node.CertLocation
    Store = $Node.CertStoreName
    Credential = $AriesCredential
    Exportable = $true
    Ensure = 'Present'
    DependsOn = @('[WindowsFeature]IIS')

    The xCertificate module is version is version 2.3.0.0

    It's got to be something simple I am overlooking. Any Ideas?
    Thanks for any help,
    Ed

  • #65887
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Can you verify that the thumbprint shows up correctly when you use the CERT: drive on the node, and that it shows up in the Machine store on the node?

    • #65949
      Profile photo of Ed Higginson
      Ed Higginson
      Participant

      The thumbprint does not show up on the node at all. I am installing a website on the server and I am using this cert to encrypt traffic to that site. So it exists only on the machine I am running the configuration from.

  • #65950
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Ok, gotcha.

    So... the Credential might be the problem. I'm having some trouble following the code in the resource, though – have you considered reaching out to the author, at https://www.briantist.com/project/xpfximport-dsc-resource-for-importing-certificates-and-keys/?

    • #66516
      Profile photo of Ed Higginson
      Ed Higginson
      Participant

      I have taken your advice and asked my question of Briantist.

  • #70588
    Profile photo of Dave Lowe
    Dave Lowe
    Participant

    Hi Ed,

    Did you get anywhere with this – I have a very similar issue. For the xCertificate resources fails with the same issue BUT ONLY when its runs immediately after a resource which downloads the cert. If I run the configuration on its own (eg don't download but use the local file) it imports fine. Its driving me crazy

  • #71452
    Profile photo of Chris Liquori
    Chris Liquori
    Participant

    Hi Ed,

    Is the path of the pfx file on the server you are trying to import the cert?

    I was able to import the cert by including the PsDscRunAsCredential in the xPfxImport resource, but I did that as I am importing the certificate from a network location.

    Hope this helps.

You must be logged in to reply to this topic.