xPfxImport DSC Resource for Importing Certificates and Keys

I’m very proud to have contributed the xPfxImport DSC Resource to Microsoft’s xCertificate module. This resource is included in version of xCertificate which was released on .

xCertificate on GitHub
xCertificate on PowerShell Gallery
ServerFault thread that pushed me to publish (thanks in particular to jscott).

The purpose is to distribute SSL certificates (and optionally the private key) to nodes via PowerShell Desired State Configuration. The PFX is loaded from a network share or file path, and is typically encrypted with a password. DSC Encrypted Credentials are used to store the PFX extraction password securely in the configuration.

My primary use case in writing this concerned distribution of commercially purchased SSL certificates; particularly something like a wildcard cert which needs to be distributed to many nodes and will be need to be updated periodically as renewals happen.

This will also be nice for use with shorter term certificates like 90-day certs offered for free by Let’s Encrypt.

Continue Reading »

Use Variables in a DSC Script Resource

Every PowerShell Desired State Configuration resource must have at least one Key property that’s used to uniquely identify it within a single configuration. For the DSC Script Resource the keys are the GetScript, TestScript, and SetScript properties. Basically this means that each Script resource can’t contain the same content. Makes sense on the surface, but when you consider variable substitution, and looping through collections in $ConfigurationData, it’s easy to come up with a configuration that ends up with this error:

Add-NodeKeys : The key properties combination ‘your script here’ is duplicated for keys ‘GetScript,SetScript,TestScript’ of resource ‘Script’ in node ‘nodename’. Please make sure key properties are unique for each resource in a node.

This is quite annoying, but there are ways around it so you don’t have to resort to manually unrolling your loop.

Continue Reading »