Generate certificate thumbprint within config

This topic contains 6 replies, has 5 voices, and was last updated by  Adam 4 months, 1 week ago.

  • Author
    Posts
  • #63259

    Sven van Rijen
    Participant

    Hi there!

    Does anyone had an idea how to do this:

    I'm trying to build an on-premises HTTPS DSC Pull Server on a server which is managed by Azure DSC.
    Step-1: Within my config I'm able to generate an SSL certificate from the on-premises CA. But now I want to use this particular certificate for the SSL-binding of the Pull server.

    Step-2: Within the xDscWebService resource you have to supply an CertificateThumbPrint.
    How can I use retrieve and use the thumbprint of the certificate from Step-1 in the same config? Just $thumbprint = (Get-ChildItem CERT:\..etc) doesn't do the trick...

    Anyone?

    Kind regards,
    Sven

  • #63390

    David Jones
    Participant

    It would take either a custom resource or a script resource that gets the cert thumbprint and does the steps that xDscWebService would handle.

  • #63523

    Missy Januszko
    Participant

    You could pass in thumbprint as a parameter with a param block.

    Then on the line where you compile the mof,
    Configname -path .\ -thumbprint (get-childitem Cert:\...etc)

  • #63525

    Missy Januszko
    Participant

    Oh wait, you say you're generating the certificate within the config?? Using a parameter probably isn't the answer in that case.

  • #63526

    Tim Haintz
    Participant

    Hi Sven, I have done this in my test environment using the below method.

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cert.Import('c:\publicKeys\nameofcertfile.cer') 

    You can then use $cert.thumbprint to get the thumbprint.
    I used this article to help me: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/969bfa58-a479-4b07-8c3b-4e57121351da/powershell-pulling-thumbprint-from-certificate-cer?forum=ITCG

    First post, hope the formatting works correctly.

    Thanks, Tim.

  • #63628

    Sven van Rijen
    Participant

    Thank you all for your replies up till now!
    I'm going to check things out later this week and will keep you up to date!

    • #72583

      Adam
      Participant

      Any update on this?

You must be logged in to reply to this topic.