Author Posts

March 2, 2017 at 1:51 pm

I am trying to install a certificate for a website under a dsc push installation. I keep getting this error...

PowerShell DSC resource MSFT_xPfxImport failed to execute Test-TargetResource functionality with error message:
Cannot validate argument on parameter 'Thumbprint'. '‎b748609391b8ccf7f79b9920112b527d15124a7e' is not a valid hash.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName :

This is the code I am running
AriesThumbprint = '‎b748609391b8ccf7f79b9920112b527d15124a7e' # Aries wildcard cert
AriesCertPath = 'D:\Supporttools\Certificates\LogViewer.pfx' # path to the Aries "Server" cert
AriesCredential = 'LogViewer'
CertLocation = 'LocalMachine'

xPfxImport SiteCert
{
Thumbprint = $Node.AriesThumbprint
Path = $Node.AriesCertPath
Location = $Node.CertLocation
Store = $Node.CertStoreName
Credential = $AriesCredential
Exportable = $true
Ensure = 'Present'
DependsOn = @('[WindowsFeature]IIS')

The xCertificate module is version is version 2.3.0.0

It's got to be something simple I am overlooking. Any Ideas?
Thanks for any help,
Ed

March 6, 2017 at 5:39 pm

Can you verify that the thumbprint shows up correctly when you use the CERT: drive on the node, and that it shows up in the Machine store on the node?

March 7, 2017 at 2:59 pm

The thumbprint does not show up on the node at all. I am installing a website on the server and I am using this cert to encrypt traffic to that site. So it exists only on the machine I am running the configuration from.

March 7, 2017 at 3:03 pm

Ok, gotcha.

So... the Credential might be the problem. I'm having some trouble following the code in the resource, though – have you considered reaching out to the author, at https://www.briantist.com/project/xpfximport-dsc-resource-for-importing-certificates-and-keys/?

March 15, 2017 at 9:20 pm

I have taken your advice and asked my question of Briantist.

May 13, 2017 at 7:51 pm

Hi Ed,

Did you get anywhere with this – I have a very similar issue. For the xCertificate resources fails with the same issue BUT ONLY when its runs immediately after a resource which downloads the cert. If I run the configuration on its own (eg don't download but use the local file) it imports fine. Its driving me crazy

May 24, 2017 at 6:09 pm

Hi Ed,

Is the path of the pfx file on the server you are trying to import the cert?

I was able to import the cert by including the PsDscRunAsCredential in the xPfxImport resource, but I did that as I am importing the certificate from a network location.

Hope this helps.