Skip to content

Latest commit

 

History

History
215 lines (169 loc) · 4.4 KB

CertificateExports.adoc

File metadata and controls

215 lines (169 loc) · 4.4 KB
Raw

DSC Resource 'CertificateExports'

CertificateExports is used to export a certificate from the Windows certificate store.

Source

DSC Resource

Documentation
Table 1. Attributes of category 'CertificateExports'
Parameter Attribute DataType Description Allowed Values

Certificates

Hashtable[]

List of certifcates to export from the Windows certificate store.
Table 2. Selected Attributes of category 'CertificateExports/Certificates'
Parameter Attribute DataType Description Allowed Values

Path

Key

String

The path to the file you that will contain the exported certificate.

Thumbprint

String

The thumbprint of the certificate to export. Certificate selector parameter.

FriendlyName

String

The friendly name of the certificate to export.

Certificate selector parameter.

Subject

String

The subject of the certificate to export.

Certificate selector parameter.

DNSName

String[]

The subject alternative name of the certificate to export must contain these values.

Certificate selector parameter.

Issuer

String

The issuer of the certificate to export.

Certificate selector parameter.

KeyUsage

String[]

The key usage of the certificate to export must contain these values.

Certificate selector parameter.

EnhancedKeyUsage

String[]

The enhanced key usage of the certificate to export must contain these values.

Certificate selector parameter.

Store

String

The Windows Certificate Store Name to search for the certificate to export from.

You can get the list in Powershell with:

  • ls Cert:\LocalMachine

  • ls Cert:\CurrentUser

Certificate selector parameter.

Default: My

AllowExpired

Boolean

Allow an expired certificate to be exported.

Certificate selector parameter.

  • True

  • False

MatchSource

Boolean

Causes an existing exported certificate to be compared with the certificate identified for export and re-exported if it does not match.

  • True

  • False

Type

String

Specifies the type of certificate to export.

  • Cert

  • P7B

  • SST

  • PFX

ChainOption

String

Specifies the options for building a chain when exporting a PFX certificate.

  • BuildChain

  • EndEntityCertOnly

Password

PSCredential

Specifies the password used to protect an exported PFX file.

Either the ProtectTo or this attribute must be specified, or an error will be displayed.

ProtectTo

String[]

Specifies an array of strings for the username or group name that can access the private key of an exported PFX file without any password.

Either the Password or this attribute must be specified, or an error will be displayed.

This requires a Windows Server® 2012 domain controller.
Example
CertificateExports:
  Certificates:
    - Path:       C:\User1Certificate.pfx
      Thumbprint: c81b94933420221a7ac004a90242d8b1d3e5070d
      Store:      Root
      Type:       PFX
      ProtectTo:  contoso\user1
    - Path:       C:\PwdCertificate.pfx
      Thumbprint: c81b94933420221a7ac004a90242d8b1d3e50456
      Store:      Root
      Type:       PFX
      Password:   '[ENC=PE9ianMgVmVyc2l...=]'
    - Path:       C:\CACertificate.cer
      Thumbprint: c81b94933420221a7ac004a90242d8b1d3e12345
      Store:      Root
      Type:       Cert
Recommended Lookup Options in Datum.yml (Excerpt)
lookup_options:

  CertificateExports:
    merge_hash: deep
  CertificateExports\Certificates:
    merge_baseType_array: Unique
    merge_hash_array: DeepTuple
    merge_options:
      tuple_keys:
        - Thumbprint
        - Location
        - Store