Importing a PFX to server 2012

Good evening,

I have been struggling with this for a week now and so I turn to you good people.

I am trying to import a PFX to 140+ servers, all of which are Server 2012 R2. I am a local admin on all the boxes and have confirmed that if I import it the old-fashioned way or using CERTUTIL one at a time, it works. Ideally I would like to write a script which allows me to import it to all 140+ servers at once. I have googled the hell out of this, I have a reddit (https://www.reddit.com/r/PowerShell/comments/5bos5a/importing_a_pfx/) and to date nothing has worked. I really hope that someone here can help me out, please.

Again, thank you for your time.

This is a basic script tested against one computer (I only have a small lab). It should be enough to get you started.

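# One server name per line
$servers = Get-Content 'C:\servers.txt'
$certpath = '\\fileserver\certshare\test.pfx'
# Placeholder password; converted so it can be passed to -Password
$password = 'password' | ConvertTo-SecureString -AsPlainText -Force

foreach ($server in $servers) {
    # Copy the PFX to the server's admin share from the machine running the script
    Copy-Item -Path $certpath -Destination "\\$server\c$\temp\"
    # Import from the local copy inside the remote session
    Invoke-Command -ComputerName $server -ScriptBlock {
        Import-PfxCertificate -FilePath 'C:\temp\test.pfx' -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' -Password $using:password
    }
}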

Thank you so much for your reply. I am definitely one step closer, as I now get this error instead:

The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND). This may be the result of user credentials being required on the remote machine. See Enable-WSManCredSSP Cmdlet help on how to enable and use
CredSSP for delegation with PowerShell remoting.
+ CategoryInfo : NotSpecified: (:) [Import-PfxCertificate], Exception
+ FullyQualifiedErrorId : RemotingFailure,Microsoft.CertificateServices.Commands.ImportPfxCertificate
+ PSComputerName :

That sounds like the second hop problem which was described in the reddit thread.
Please post a copy of the script you’re running so that we can see how you modified what I posted. You should change passwords and server names but don’t change network paths to local paths if they’re not local paths in your script.

I think I only changed the variables. I tried both with a network path to the file and local to the machine I am running it from. I am still very confused on the double hop part. Not sure how to use the variables.

$servers = Get-Content 'C:\cert\Serevrs.txt'
$certpath = 'LOCATION OF PFX BOTH NETWORK OR LOCAL'
$password = 'PASSWORD' | ConvertTo-SecureString -AsPlainText -Force

foreach ($server in $servers) {
    Copy-Item -Path $certpath -Destination "\\$server\c$\temp\" -Force
    Invoke-Command -ComputerName $server -ScriptBlock {
        Import-PfxCertificate -FilePath 'C:\temp\test.pfx' -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' -Password $using:password
    }
}

So I got it working. Thank you for your help, I truly appreciate it.
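
The second-hop issue raised in the replies above, as an added example that is not part of the original thread or any poster's script: all network access stays on the first hop (the admin workstation pushes the PFX to each server's admin share), the remote session reads only a local path, and the staged PFX is deleted afterwards so no copy of the private key is left on disk. The server list, share path and store location are the ones used in the thread; the staging-folder handling, the password prompt and the result table are assumptions of this sketch.

```powershell
# Added example (not from the thread). Paths below are the thread's sample values.
$servers  = Get-Content 'C:\servers.txt'
$certPath = '\\fileserver\certshare\test.pfx'
$fileName = Split-Path $certPath -Leaf
# Prompt for the PFX password instead of hard-coding it in the script file.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

$results = foreach ($server in $servers) {
    $stageDir = "\\$server\c$\temp"
    try {
        # First hop only: the workstation itself writes to the server's admin share.
        if (-not (Test-Path $stageDir)) {
            New-Item -Path $stageDir -ItemType Directory -ErrorAction Stop | Out-Null
        }
        Copy-Item -Path $certPath -Destination $stageDir -Force -ErrorAction Stop

        # The remote session touches only C:\temp, so no credentials need delegating.
        $thumb = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            $local = Join-Path 'C:\temp' $using:fileName
            try {
                if (-not (Test-Path $local)) { throw "Staged file missing: $local" }
                $cert = Import-PfxCertificate -FilePath $local `
                    -CertStoreLocation 'Cert:\CurrentUser\TrustedPublisher' `
                    -Password $using:password -ErrorAction Stop
                $cert.Thumbprint
            }
            finally {
                # Remove the staged PFX whether or not the import succeeded.
                Remove-Item $local -Force -ErrorAction SilentlyContinue
            }
        }
        [pscustomobject]@{ Server = $server; Status = 'Imported'; Detail = "$thumb" }
    }
    catch {
        [pscustomobject]@{ Server = $server; Status = 'Failed'; Detail = $_.Exception.Message }
    }
}

# One row per server, so failures across the fleet are easy to spot.
$results | Format-Table -AutoSize
```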