Generate certificate thumbprint within config

Welcome Forums DSC (Desired State Configuration) Generate certificate thumbprint within config

This topic contains 6 replies, has 5 voices, and was last updated by

 
Participant
1 year, 4 months ago.

  • Author
    Posts
  • #63259

    Participant
    Points: 0
    Rank: Member

    Hi there!

    Does anyone had an idea how to do this:

    I'm trying to build an on-premises HTTPS DSC Pull Server on a server which is managed by Azure DSC.
    Step-1: Within my config I'm able to generate an SSL certificate from the on-premises CA. But now I want to use this particular certificate for the SSL-binding of the Pull server.

    Step-2: Within the xDscWebService resource you have to supply an CertificateThumbPrint.
    How can I use retrieve and use the thumbprint of the certificate from Step-1 in the same config? Just $thumbprint = (Get-ChildItem CERT:\..etc) doesn't do the trick...

    Anyone?

    Kind regards,
    Sven

  • #63390

    Participant
    Points: 0
    Rank: Member

    It would take either a custom resource or a script resource that gets the cert thumbprint and does the steps that xDscWebService would handle.

  • #63523

    Participant
    Points: 28
    Team Member
    Rank: Member

    You could pass in thumbprint as a parameter with a param block.

    Then on the line where you compile the mof,
    Configname -path .\ -thumbprint (get-childitem Cert:\...etc)

  • #63525

    Participant
    Points: 28
    Team Member
    Rank: Member

    Oh wait, you say you're generating the certificate within the config?? Using a parameter probably isn't the answer in that case.

  • #63526

    Participant
    Points: 0
    Rank: Member

    Hi Sven, I have done this in my test environment using the below method.

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.Import('c:\publicKeys\nameofcertfile.cer') 

    You can then use $cert.thumbprint to get the thumbprint.
    I used this article to help me: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/969bfa58-a479-4b07-8c3b-4e57121351da/powershell-pulling-thumbprint-from-certificate-cer?forum=ITCG

    First post, hope the formatting works correctly.

    Thanks, Tim.

  • #63628

    Participant
    Points: 0
    Rank: Member

    Thank you all for your replies up till now!
    I'm going to check things out later this week and will keep you up to date!

    • #72583

      Participant
      Points: 0
      Rank: Member

      Any update on this?

The topic ‘Generate certificate thumbprint within config’ is closed to new replies.