Installing Certificates in IIS on remote servers


This topic contains 2 replies, has 2 voices, and was last updated by Christopher Warren 9 months ago.

  • #36009
    Christopher Warren
    Participant

    Hi,

    I am trying to copy a .pfx file to remote servers and then import that .pfx into IIS. The script I have come up with copies the file to the servers but throws the following errors when the script tries to implement the function on the remote computer.
    Exception calling "Import" with "3" argument(s): "The specified path is invalid.
    "
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException
    + PSComputerName : MTWEBTEST1

    Exception calling "Add" with "1" argument(s): "pCertContext is an invalid handle."
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CryptographicException
    + PSComputerName : MTWEBTEST1

    Here is the script:

  • #36011
    Dave Wyatt
    Moderator

    You're using a path of "\\$server\c$\SSL\$certName.pfx" in your Invoke-Command block. The $server and $certName variables don't exist in the remote session; you'd need to either use $using:server and $using:certName (if both the client and server are using PowerShell v3 or later), or define arguments and use Invoke-Command's -ArgumentList parameter (if PSv2 compatibility is needed.)

    Incidentally, since you're invoking this command on the server anyway, you could just use a path of C:\SSL\$using:certName.pfx ; no need for the UNC path.

    You may wind up running into another challenge, though. Certificates and private keys get imported into the user's profile, and I'm not 100% sure that the profile will be loaded to a state that you need when you use Invoke-Command. Will take some trial and error.
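
The fix described in the reply above, as an added example that is not part of the original posts and is not the poster's script. The server names, certificate name, local path and password prompt are assumptions; `C:\SSL` is assumed to exist on each server, and importing with `MachineKeySet` is one way to keep the private key out of a user profile.

```powershell
# Assumed values (not from the thread): server list, certificate name, local PFX path.
$servers  = 'WEB01', 'WEB02'
$certName = 'example-cert'
$localPfx = "C:\Temp\$certName.pfx"
$pfxPass  = Read-Host -Prompt 'PFX password' -AsSecureString   # prompt; do not hard-code

foreach ($server in $servers) {
    # This path is expanded on the client, so local variables work here.
    Copy-Item -Path $localPfx -Destination "\\$server\c$\SSL\$certName.pfx"

    Invoke-Command -ComputerName $server -ScriptBlock {
        # This block runs on the remote machine. Client-side variables do not
        # exist there and must be brought in with $using: (PowerShell v3+).
        $name    = $using:certName
        $pass    = $using:pfxPass
        $pfxPath = Join-Path 'C:\SSL' "$name.pfx"   # local path; no UNC needed

        if (-not (Test-Path -LiteralPath $pfxPath)) {
            throw "PFX not found at $pfxPath on $env:COMPUTERNAME"
        }
        try {
            # MachineKeySet stores the private key in the machine key store,
            # so the import does not depend on a loaded user profile.
            $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
            $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
            $cert.Import($pfxPath, $pass, $flags)

            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
            $store.Open('ReadWrite')
            try { $store.Add($cert) } finally { $store.Close() }

            $cert.Thumbprint   # returned to the caller for later IIS binding
        }
        finally {
            # Do not leave the key file on disk once the import has run.
            Remove-Item -LiteralPath $pfxPath -Force
        }
    }
}
```

For PowerShell v2 targets, declare a `param()` block at the top of the script block and pass the same values with `-ArgumentList` instead of `$using:`.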

  • #36014
    Christopher Warren
    Participant

    Thanks Dave. I can't believe I missed that. It works!
