I’m very proud to have contributed the
xPfxImport DSC Resource to Microsoft’s
xCertificate module. This resource is included in version 22.214.171.124 of
xCertificate which was released on .
The purpose is to distribute SSL certificates (and optionally the private key) to nodes via PowerShell Desired State Configuration. The PFX is loaded from a network share or file path, and is typically encrypted with a password. DSC Encrypted Credentials are used to store the PFX extraction password securely in the configuration.
My primary use case in writing this concerned distribution of commercially purchased SSL certificates; particularly something like a wildcard cert which needs to be distributed to many nodes and will be need to be updated periodically as renewals happen.
This will also be nice for use with shorter term certificates like 90-day certs offered for free by Let’s Encrypt.Continue Reading »
Every PowerShell Desired State Configuration resource must have at least one
Key property that’s used to uniquely identify it within a single configuration. For the DSC
Script Resource the keys are the
SetScript properties. Basically this means that each
Script resource can’t contain the same content. Makes sense on the surface, but when you consider variable substitution, and looping through collections in
$ConfigurationData, it’s easy to come up with a configuration that ends up with this error:
Add-NodeKeys : The key properties combination ‘your script here’ is duplicated for keys ‘GetScript,SetScript,TestScript’ of resource ‘Script’ in node ‘nodename’. Please make sure key properties are unique for each resource in a node.
This is quite annoying, but there are ways around it so you don’t have to resort to manually unrolling your loop.Continue Reading »