I have a .crt and .key file, from which I am creating a .pfx file using OpenSSL. I am trying to use PowerShell to import the .pfx file into Cert:\LocalMachine\My, then I'll use that certificate for OpenVPN. Using the following code, I am not getting any errors on the import:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert.import("$env:TEMP\$site.pfx", $certPassword, "PersistKeySet") $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine") $store.open("MaxAllowed") $store.add($cert) $store.close()
I can see the cert in the MMC, but OpenVPN's log file shows:
I have tried $certPassword as both a string and secure string. When I import the certificate via the GUI (copying the password from the content of $certPassword), OpenVPN starts normally.
I also tried this code but saw the same behavior:
Import-PfxCertificate -Password ($certPassword | ConvertTo-SecureString -AsPlainText -Force) -CertStoreLocation Cert:\LocalMachine\My -FilePath $env:temp\$site.pfx
Finally, I am running the PowerShell session elevated and OpenVPN is running as Local System.
What could I be doing wrong? Thanks.
Turns out, I needed to include the MachineKeySet flag in my import command:
$cert.import("$env:TEMP\$site.pfx", $certPassword, "MachineKeySet,PersistKeySet")
You must be logged in to reply to this topic.