I’m very proud to have contributed the xPfxImport DSC Resource to Microsoft’s xCertificate module. This resource is included in version 18.104.22.168 of xCertificate which was released on .
The purpose is to distribute SSL certificates (and optionally the private key) to nodes via PowerShell Desired State Configuration. The PFX is loaded from a network share or file path, and is typically encrypted with a password. DSC Encrypted Credentials are used to store the PFX extraction password securely in the configuration.
My primary use case in writing this concerned distribution of commercially purchased SSL certificates; particularly something like a wildcard cert which needs to be distributed to many nodes and will need to be updated periodically as renewals happen.
This will also be nice for use with shorter term certificates like 90-day certs offered for free by Let’s Encrypt.
Check there for the most up-to-date info; I probably won’t update this.
The xPfxImport resource has the following properties:
- Thumbprint: The thumbprint (unique identifier) of the certificate you’re importing.
- Path: The path to the PFX file you want to import.
- Location: Currently the only valid value here is
- Store: Defaults to My (the personal store) but can be any store that is valid on the machine (for example,
- Exportable: Defaults to $false. Determines whether the private key is exportable from the machine after you import it.
- Credential: A [PSCredential] object that is used to decrypt the PFX file. Only the password is used, so any user name is valid.
Used with xWebAdministration Resources
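As an added example (not code from the original post or from the xCertificate project), the configuration below imports a PFX with the properties listed above, keeps the PFX password encrypted in the MOF through the node's `CertificateFile` entry, and binds the imported certificate to an IIS site with `xWebsite`. The node name, share path, key file path and the `<...>` thumbprints are constructed placeholders.

```powershell
# Added example; node name, paths and <...> values are constructed placeholders.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'web01'
            # Public key used to encrypt the PFX password inside the MOF
            CertificateFile = 'C:\DscKeys\web01.cer'
            # Thumbprint of that encryption certificate as installed on the node
            Thumbprint      = '<ENCRYPTION-CERT-THUMBPRINT>'
        }
    )
}
Configuration WildcardCert
{
    param
    (
        [Parameter(Mandatory)] [PSCredential] $PfxCredential,
        [Parameter(Mandatory)] [string] $PfxThumbprint
    )
    Import-DscResource -ModuleName xCertificate, xWebAdministration
    Node $AllNodes.NodeName
    {
        xPfxImport Wildcard
        {
            Thumbprint = $PfxThumbprint
            Path       = '\\fileserver\certs\wildcard.pfx'
            Location   = 'LocalMachine'   # machine-wide certificate store
            Store      = 'My'
            Exportable = $false           # private key cannot be exported again
            Credential = $PfxCredential
        }
        xWebsite DefaultSite
        {
            Name        = 'Default Web Site'
            BindingInfo = MSFT_xWebBindingInformation
            {
                Protocol              = 'https'
                Port                  = 443
                CertificateThumbprint = $PfxThumbprint
                CertificateStoreName  = 'My'
            }
            DependsOn   = '[xPfxImport]Wildcard'   # bind only after the import
        }
    }
}
# Only the password of this credential is used to open the PFX.
$cred = Get-Credential -UserName 'pfx' -Message 'PFX password'
WildcardCert -ConfigurationData $ConfigData -PfxCredential $cred -PfxThumbprint '<PFX-THUMBPRINT>'
```

The node's Local Configuration Manager must be configured with the matching `CertificateID` so it can decrypt the credential. Without a `CertificateFile` entry, compilation fails on the plain-text password unless `PSDscAllowPlainTextPassword` is set, which would leave the PFX password readable in the MOF.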
This is my first somewhat major open source contribution, and I hope to make more of these, especially to the DSC resources. I’m really glad Microsoft is embracing this approach.
Please let me know if you’re using this, how you’re using it, any feedback you might have (bugs and feature requests can be submitted via GitHub).