Certificate install Problem

edhigginson · March 2, 2017, 8:21am

I am trying to install a certificate for a website under a dsc push installation. I keep getting this error…

PowerShell DSC resource MSFT_xPfxImport failed to execute Test-TargetResource functionality with error message:
Cannot validate argument on parameter ‘Thumbprint’. ‘‎b748609391b8ccf7f79b9920112b527d15124a7e’ is not a valid hash.
+ CategoryInfo : InvalidOperation: ( , CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName :

This is the code I am running
AriesThumbprint = ‘‎b748609391b8ccf7f79b9920112b527d15124a7e’ # Aries wildcard cert
AriesCertPath = ‘D:\Supporttools\Certificates\LogViewer.pfx’ # path to the Aries “Server” cert
AriesCredential = ‘LogViewer’
CertLocation = ‘LocalMachine’

xPfxImport SiteCert
{
Thumbprint = $Node.AriesThumbprint
Path = $Node.AriesCertPath
Location = $Node.CertLocation
Store = $Node.CertStoreName
Credential = $AriesCredential
Exportable = $true
Ensure = ‘Present’
DependsOn = @(‘[WindowsFeature]IIS’)

The xCertificate module is version is version 2.3.0.0

It’s got to be something simple I am overlooking. Any Ideas?
Thanks for any help,
Ed

donj · March 6, 2017, 12:09pm

Can you verify that the thumbprint shows up correctly when you use the CERT: drive on the node, and that it shows up in the Machine store on the node?

edhigginson · March 7, 2017, 9:29am

The thumbprint does not show up on the node at all. I am installing a website on the server and I am using this cert to encrypt traffic to that site. So it exists only on the machine I am running the configuration from.

donj · March 7, 2017, 9:33am

Ok, gotcha.

So… the Credential might be the problem. I’m having some trouble following the code in the resource, though - have you considered reaching out to the author, at xPfxImport DSC Resource for Importing Certificates and Keys?

edhigginson · March 15, 2017, 3:50pm

I have taken your advice and asked my question of Briantist.

digitalbanana · May 13, 2017, 2:21pm

Hi Ed,

Did you get anywhere with this - I have a very similar issue. For the xCertificate resources fails with the same issue BUT ONLY when its runs immediately after a resource which downloads the cert. If I run the configuration on its own (eg don’t download but use the local file) it imports fine. Its driving me crazy

chris-liquori · May 24, 2017, 12:39pm

Hi Ed,

Is the path of the pfx file on the server you are trying to import the cert?

I was able to import the cert by including the PsDscRunAsCredential in the xPfxImport resource, but I did that as I am importing the certificate from a network location.

Hope this helps.

Topic		Replies	Views
DSC Push Model - Certificate ID is not valid DSC	12	190	January 9, 2017
Generate certificate thumbprint within config DSC	6	206	June 12, 2017
Chicken / Egg Problem with Pull Server Creation DSC	2	419	April 10, 2019
errors with HTTPS Pull server DSC	3	196	June 7, 2017
Group Resource encrypted credentials issue DSC	8	186	December 18, 2015

Certificate install Problem

Related Topics