Certificate install Problem

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Ed Higginson Ed Higginson 1 week, 3 days ago.

  • Author
    Posts
  • #65581
    Profile photo of Ed Higginson
    Ed Higginson
    Participant

    I am trying to install a certificate for a website under a dsc push installation. I keep getting this error...

    PowerShell DSC resource MSFT_xPfxImport failed to execute Test-TargetResource functionality with error message:
    Cannot validate argument on parameter 'Thumbprint'. '‎b748609391b8ccf7f79b9920112b527d15124a7e' is not a valid hash.
    + CategoryInfo : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName :

    This is the code I am running
    AriesThumbprint = '‎b748609391b8ccf7f79b9920112b527d15124a7e' # Aries wildcard cert
    AriesCertPath = 'D:\Supporttools\Certificates\LogViewer.pfx' # path to the Aries "Server" cert
    AriesCredential = 'LogViewer'
    CertLocation = 'LocalMachine'

    xPfxImport SiteCert
    {
    Thumbprint = $Node.AriesThumbprint
    Path = $Node.AriesCertPath
    Location = $Node.CertLocation
    Store = $Node.CertStoreName
    Credential = $AriesCredential
    Exportable = $true
    Ensure = 'Present'
    DependsOn = @('[WindowsFeature]IIS')

    The xCertificate module is version is version 2.3.0.0

    It's got to be something simple I am overlooking. Any Ideas?
    Thanks for any help,
    Ed

  • #65887
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Can you verify that the thumbprint shows up correctly when you use the CERT: drive on the node, and that it shows up in the Machine store on the node?

    • #65949
      Profile photo of Ed Higginson
      Ed Higginson
      Participant

      The thumbprint does not show up on the node at all. I am installing a website on the server and I am using this cert to encrypt traffic to that site. So it exists only on the machine I am running the configuration from.

  • #65950
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Ok, gotcha.

    So... the Credential might be the problem. I'm having some trouble following the code in the resource, though – have you considered reaching out to the author, at https://www.briantist.com/project/xpfximport-dsc-resource-for-importing-certificates-and-keys/?

    • #66516
      Profile photo of Ed Higginson
      Ed Higginson
      Participant

      I have taken your advice and asked my question of Briantist.

You must be logged in to reply to this topic.