Lost Private Key after sysprep #129
Comments
Hi @mattbowes - ah, this is a great catch. We should be able to fix this by changing the (Get-ChildItem -path Cert:\LocalMachine\My\498F1F592D3E56A7124BBCD65AE70C1FD615BDE5).HasPrivateKey Might have a look at this tonight.
PfxImport - Enable Re-import if Private Key not installed - Fixes #129
@PlagueHO checking Could the check be changed to
Great info @mattbowes - I'll make the change this weekend. Seems that sysprep doesn't do a great job here!
I updated MSFT_PfxImport.psm1 and created a pull request. I think that will fix it.
Simplified from this excellent post: http://paulstovell.com/blog/x509certificate2 When the cert request is still stored with all info, a /repairstore can fix that issue. Anyhow, up until .Net 4.8 (with GetRSAPrivateKey()) there's no easy way to get the Private key, and I'm yet to find a nice way to find if the Private key is actually available on the system or not (something quick we can run every 15min).
Details of the scenario you tried and the problem that is occurring:
After sysprepping a server, the certificate is left in the cert store but the private key is removed during the sysprep process. xPfxImport only checks to ensure the thumbprint is present. It does not check to see if the certificate has a private key, so it never imports the pfx file and the certificate.
The DSC configuration that is using the resource (as detailed as possible):
xPfxImport Wildcard
{
    Thumbprint = $wildcardthumbprint
    Path = $certificatepath
    Location = 'LocalMachine'
    Store = 'My'
    Exportable = $true
    Credential = $Credential1
    Ensure = 'Present'
    DependsOn = "[xDSCDomainjoin]JoinDomain"
}
Version of the Operating System and PowerShell the DSC Target Node is running:
DSC running in Azure
OS version: 2012R2
Version of the DSC module you're using, or 'dev' if you're using current dev branch:
xCertificate 3.2.0.0
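As an added example (not code from this issue or from the xCertificate module), a PowerShell check that goes beyond the thumbprint-present test the thread describes: it confirms the certificate exists, that HasPrivateKey is set, and that the key container can actually be opened, which is what goes missing after sysprep. It assumes .NET Framework 4.6 or later for RSACertificateExtensions and reuses the variable names from the configuration above.

```powershell
function Test-CertificatePrivateKey
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9A-Fa-f]{40}$')]
        [System.String] $Thumbprint,
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [System.String] $Location = 'LocalMachine',
        [System.String] $Store = 'My'
    )

    $certPath = "Cert:\$Location\$Store\$Thumbprint"
    if (-not (Test-Path -Path $certPath))
    {
        Write-Verbose -Message "Certificate $Thumbprint not present in $Location\$Store."
        return $false
    }

    $cert = Get-Item -Path $certPath

    # HasPrivateKey is metadata stored with the certificate entry. After sysprep the
    # key container can be gone while this flag still reads $true, so it is only a
    # first filter, not proof that the key is usable.
    if (-not $cert.HasPrivateKey)
    {
        Write-Verbose -Message "Certificate $Thumbprint reports no private key."
        return $false
    }

    # Actually open the key. RSACertificateExtensions needs .NET Framework 4.6+ (an
    # assumption here); a missing key container shows up as $null or an exception.
    try
    {
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        return ($null -ne $key)
    }
    catch [System.Security.Cryptography.CryptographicException]
    {
        Write-Verbose -Message "Private key for $Thumbprint is not accessible: $($_.Exception.Message)"
        return $false
    }
}

# Re-import only when the key is genuinely unusable, using the variables from the configuration above.
if (-not (Test-CertificatePrivateKey -Thumbprint $wildcardthumbprint -Verbose))
{
    Import-PfxCertificate -FilePath $certificatepath -CertStoreLocation 'Cert:\LocalMachine\My' -Password $Credential1.Password -Exportable
}
```

GetRSAPrivateKey returns $null for non-RSA (for example ECDSA) keys, so a store holding such certificates needs the matching ECDsaCertificateExtensions call instead.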