Importing a PFX to server 2012

This topic contains 5 replies, has 2 voices, and was last updated by Yaakov Schwebel 2 weeks, 6 days ago.

  • #57388
    Yaakov Schwebel
    Participant

    Good evening,

    I have been struggling with this for a week now and so I turn to you good people.

    I am trying to import a PFX to 140+ servers, all of which are Server 2012 R2. I am a local admin on all the boxes and have confirmed that if I import it the old-fashioned way or using CERTUTIL one at a time, it works. Ideally I would like to write a script which allows me to import it to all 140+ servers at once. I have googled the hell out of this, I have a Reddit thread (https://www.reddit.com/r/PowerShell/comments/5bos5a/importing_a_pfx/) and to date nothing has worked. I really hope that someone here can help me out, please.

    Again, thank you for your time.

  • #57449
    Matt Bloomfield
    Participant

    This is a basic script tested against one computer (I only have a small lab). It should be enough to get you started.

    # Target servers, one name per line
    $servers = Get-Content 'C:\servers.txt'
    # PFX on a share readable from the machine running this script
    $certpath = '\\fileserver\certshare\test.pfx'
    $password = 'password' | ConvertTo-SecureString -AsPlainText -Force

    foreach ($server in $servers) {
        # Copy the PFX to the target over its admin share
        Copy-Item -Path $certpath -Destination "\\$server\c$\temp\"
        # Import from the target's local disk inside the remote session
        Invoke-Command -ComputerName $server -ScriptBlock {
            Import-PfxCertificate -FilePath 'C:\temp\test.pfx' -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' -Password $using:password
        }
    }
    
  • #57461
    Yaakov Schwebel
    Participant

    Thank you so much for your reply. I am definitely one step closer, as I now get this error instead:

    The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND). This may be the result of user credentials being required on the remote machine. See Enable-WSManCredSSP Cmdlet help on how to enable and use
    CredSSP for delegation with PowerShell remoting.
    + CategoryInfo : NotSpecified: (:) [Import-PfxCertificate], Exception
    + FullyQualifiedErrorId : RemotingFailure,Microsoft.CertificateServices.Commands.ImportPfxCertificate
    + PSComputerName :

  • #57466
    Matt Bloomfield
    Participant

    That sounds like the second hop problem which was described in the reddit thread.
    Please post a copy of the script you're running so that we can see how you modified what I posted. You should change passwords and server names but don't change network paths to local paths if they're not local paths in your script.

  • #57602
    Yaakov Schwebel
    Participant

    I think I only changed the variables. I tried both with a network path to the file and local to the machine I am running it from. I am still very confused on the double hop part. Not sure how to use the variables.

    $servers = Get-Content 'C:\cert\Serevrs.txt'
    $certpath = 'LOCATION OF PFX BOTH NETWORK OR LOCAL'
    $password = 'PASSWORD ' | ConvertTo-SecureString -AsPlainText -Force

    foreach ($server in $servers) {
        Copy-Item -Path $certpath -Destination "\\$server\c$\temp\" -Force
        Invoke-Command -ComputerName $server -ScriptBlock {
            Import-PfxCertificate -FilePath 'C:\temp\test.pfx' -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' -Password $using:password
        }
    }

  • #57655
    Yaakov Schwebel
    Participant

    So I got it working. Thank you for your help, I truly appreciate it.
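
The copy-then-import pattern from this thread, as an added example that is not code from either poster: the PFX is pushed to each server from the machine running the script, and the remote session reads only its own local disk, so the second hop mentioned above never occurs. The server list, share path and certificate store are the ones from the first script in the thread; the result fields (Server, Status, Detail) are this example's own.

```powershell
# Added example, not from the thread. Paths and names are assumptions.
$servers  = Get-Content 'C:\servers.txt'                  # one server name per line
$pfxPath  = '\\fileserver\certshare\test.pfx'             # readable from THIS machine
$store    = 'Cert:\CurrentUser\TrustedPublisher'          # store used in the thread
$password = Read-Host -Prompt 'PFX password' -AsSecureString   # not kept in the script

# Derive the file name once so the copy and the import cannot disagree.
$fileName = Split-Path -Path $pfxPath -Leaf

$results = foreach ($server in $servers) {
    $remoteDir  = "\\$server\c$\temp"                     # target's admin share
    $remoteFile = Join-Path $remoteDir $fileName
    try {
        # First hop: this machine writes to the target directly.
        New-Item -Path $remoteDir -ItemType Directory -Force -ErrorAction Stop | Out-Null
        Copy-Item -Path $pfxPath -Destination $remoteFile -Force -ErrorAction Stop

        # Still one hop: the remote session touches only its own C: drive,
        # so no credentials have to be delegated to a file server.
        $cert = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            Import-PfxCertificate -FilePath (Join-Path 'C:\temp' $using:fileName) `
                -CertStoreLocation $using:store -Password $using:password -ErrorAction Stop
        }
        [pscustomobject]@{ Server = $server; Status = 'Imported'; Detail = $cert.Thumbprint }
    }
    catch {
        [pscustomobject]@{ Server = $server; Status = 'Failed'; Detail = $_.Exception.Message }
    }
    finally {
        # Do not leave the private key file behind on the target.
        Remove-Item -Path $remoteFile -Force -ErrorAction SilentlyContinue
    }
}

$results | Sort-Object Status, Server | Format-Table -AutoSize
```

A Failed row whose Detail reads "cannot find the file specified" means the file name or folder on the target does not match what the import step expects, which is why the name is taken from `$pfxPath` rather than typed twice.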
