Import pfx certificate in CurrentUser Personal Store from DSC Script resource + Automation does not work
I am working on automating the deployment of our product on Azure VMs. I am using Powershell DSC with Azure automation to provision the VM.

One of the requirements is to import a pfx certificate to CurrentUser/My for a user on the VM. I am trying to do this using the following Script resource:

    Script InstallSelfSignedCertificatesToMy
    {
        GetScript = {
            # A Script resource's GetScript must return a hashtable with a 'Result' key
            return @{ Result = '' }
        }
        SetScript = {
            $Path = "c:\test"
            # "password" is the password protecting the pfx file, not a user credential
            $Pass = ConvertTo-SecureString "password" -AsPlainText -Force
            Import-PfxCertificate -FilePath "$($Path)\example.pfx" -CertStoreLocation Cert:\CurrentUser\My -Password $Pass
        }
        TestScript = {
            # Always report non-compliant so SetScript runs on every consistency check
            return $false
        }
        Credential = $adminCredential
    }

The $adminCredential parameter has the credentials for the user where I want to import the certificate.

This DSC does not report any failure but the certificate is not added to the CurrentUser/My on the user.

One interesting observation is that if I run the DSC locally on the VM using Start-DscConfiguration it works as expected and the certificates get installed. It does not work if called from Azure Automation.

Can anyone point out what may be the issue here? Has anyone tried to do something similar?

Thanks in advance.

Tribunate answered 1/8, 2016 at 1:0 (5 comments)

this code looks like it uses "password" not the $adminCredential in $Pass = ConvertTo-SecureString "password"-AsPlainText -Force. Is this a typo? - Batha

Sorry for not being clear - "password" is the password for the certificate pfx file, whereas, $adminCredential is the local admin user credentials on the machine. I am running the script impersonating this user to access its personal certificate store. - Tribunate

Does the environment in which you're running Invoke-PfxCertificate have this as an exported command? Is there a way you could log this attempt or put the Import statement in a try/catch with some output of the exception? - Pulmonate

You need to run the import command in the context of the actual user. - Welloiled

Not sure this helps too much, but maybe you could run my script to deploy certs: github.com/kevin-bridges/WindowsPowerShell/blob/master/Scripts/… Just run: Get-Help .\Add-PfxCert.ps1 -Examples to see how to use it. - Sigmon
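The following is an added example, not the questioner's resource or a project's code. It reworks the Script resource above along the lines the commenters suggest: the Import-PfxCertificate call is wrapped in try/catch so a failure surfaces in the Azure Automation job output instead of the configuration silently reporting success, TestScript checks for the expected thumbprint so a successful import is not repeated on every consistency check, and both scriptblocks log the identity they actually run under so the "which user context" question can be answered from the log. Assumed names: $PfxPath, $PfxPassword, $ExpectedThumbprint and $adminCredential are configuration parameters, passed into the scriptblocks with the $using: scope that the Script resource supports from PowerShell 5.0 onward.

```powershell
# Added example, not the original post's code. Assumes $PfxPath, $PfxPassword,
# $ExpectedThumbprint and $adminCredential are parameters of the enclosing
# configuration.
Script InstallPfxToCurrentUserMy
{
    GetScript = {
        # Report which thumbprint (if any) is currently in the user's store.
        $store = "Cert:\CurrentUser\My\$using:ExpectedThumbprint"
        $state = if (Test-Path -Path $store) { $using:ExpectedThumbprint } else { 'absent' }
        return @{ Result = $state }
    }

    TestScript = {
        # Compare desired vs. current state instead of always returning $false.
        $present = Test-Path -Path "Cert:\CurrentUser\My\$using:ExpectedThumbprint"
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Write-Verbose ("TestScript running as {0}; certificate present: {1}" -f $who, $present)
        return $present
    }

    SetScript = {
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        try {
            $pass = ConvertTo-SecureString -String $using:PfxPassword -AsPlainText -Force
            # -ErrorAction Stop turns a non-terminating error into one the catch block sees.
            $cert = Import-PfxCertificate -FilePath $using:PfxPath `
                        -CertStoreLocation Cert:\CurrentUser\My `
                        -Password $pass -ErrorAction Stop
            Write-Verbose ("Imported {0} into CurrentUser\My as {1}" -f $cert.Thumbprint, $who)
        }
        catch {
            # Rethrow so the resource (and the Automation job) records the failure.
            throw ("Import-PfxCertificate failed as {0}: {1}" -f $who, $_.Exception.Message)
        }
    }

    # The scriptblocks execute as this user, so 'CurrentUser' is that user's store.
    Credential = $adminCredential
}
```

With this shape, the Automation job's verbose stream shows the account each scriptblock ran under and the outcome of the import, which is the first thing to compare between the working local Start-DscConfiguration run and the failing Azure Automation run.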
