Sleepw4lker / PSCertificateEnrollment

PowerShell Module to ease requesting certificates on Windows
MIT License

Cmdlet Idea: Grant-PrivateKeyAccess #3

Open Viajaz opened 2 years ago

Viajaz commented 2 years ago

A Cmdlet which grants Permissions to the Private Key of a Certificate in the Certificate Store would be useful.

Example: $Certificate could perhaps be a location such as cert:\LocalMachine\My\FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF, or perhaps just a thumbprint? $Identity would be the security principal (e.g. NETWORK SERVICE or DOMAIN\user), and the Permission parameter would be either FullControl or Read.

Grant-PrivateKeyAccess -Certificate $Certificate -Identity $Identity -Permission 'FullControl'

There is a question and answer on StackOverflow (How to Grant permission to user on Certificate private key using powershell?) on how to grant permissions, but anecdotally it doesn't seem reliable across platforms and use-cases. I also wonder if the example code provided would work with non-RSA keys, but an answer I provided to another StackOverflow question is useful in obtaining the absolute path of a certificate container.

Such a Cmdlet would be useful in order to automate configuration of key access after Certificate Installation as part of installation of a service or other such software.
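The cmdlet sketched in this post, as an added example that is not part of PSCertificateEnrollment or of the thread: it resolves the certificate's key container name (RSA via CAPI or CNG, ECDSA via CNG), locates the backing key file and adds an NTFS ACE for the principal. The function name, parameter set and key-store search roots are assumptions; it only covers keys the Microsoft software providers store on disk, so HSM-backed keys (which have no file) are out of scope.

```powershell
function Grant-PrivateKeyAccess {
    # Added example, not the module's own code. Grants an NTFS ACE on the file that
    # backs a certificate's private key. Only keys stored on disk by the Microsoft
    # software KSP/CSP are handled; HSM-backed keys have no file and are out of scope.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Identity,
        # Read is enough for a service to sign/decrypt; FullControl lets it re-ACL or delete the key.
        [ValidateSet('FullControl', 'Read')][string]$Permission = 'Read'
    )
    process {
        if (-not $Certificate.HasPrivateKey) { throw "No private key for $($Certificate.Thumbprint)" }

        # Resolve the unique container name; try RSA first, then ECDSA (non-RSA keys).
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if (-not $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Certificate)
        }
        $uniqueName = if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $key.CspKeyContainerInfo.UniqueKeyContainerName   # legacy CAPI container
        } elseif ($key -and $key.PSObject.Properties['Key']) {
            $key.Key.UniqueName                               # CNG key (RSACng / ECDsaCng)
        }
        if (-not $uniqueName) { throw "Could not resolve a key container for $($Certificate.Thumbprint)" }

        # Machine-key folders used by the software providers (assumption: default paths).
        $roots = @(
            "$env:ProgramData\Microsoft\Crypto\Keys",            # CNG machine keys
            "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"  # CAPI machine keys
        )
        $file = Get-ChildItem -Path $roots -Recurse -File -Filter $uniqueName -ErrorAction SilentlyContinue |
                Select-Object -First 1
        if (-not $file) { throw "Key file '$uniqueName' not found under $($roots -join ', ')" }

        $rights = [System.Security.AccessControl.FileSystemRights]$Permission
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $rights, 'Allow')

        if ($PSCmdlet.ShouldProcess($file.FullName, "Grant $rights to $Identity")) {
            $acl = Get-Acl -LiteralPath $file.FullName
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $file.FullName -AclObject $acl
        }
        $file.FullName   # return the key file path so the caller can audit what was changed
    }
}

# Usage (constructed thumbprint placeholder; run elevated):
# Get-Item Cert:\LocalMachine\My\<THUMBPRINT> | Grant-PrivateKeyAccess -Identity 'NT AUTHORITY\NETWORK SERVICE' -Permission Read
```

Running with -WhatIf shows the key file and the ACE that would be added without changing anything, which is a convenient way to confirm the container lookup before granting access.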

Sleepw4lker commented 2 years ago

Hello, many thanks for your feedback. Have a look at this. I plan to integrate this into the module in an upcoming version.

Viajaz commented 2 years ago

With regard to https://github.com/Sleepw4lker/OcspManager/blob/master/lib/Set-CertificatePrivateKeyPermissions.ps1: it could be useful to have the $Certificate parameter accept ValueFromPipeline when you port it over, as well as another parameter to specify System.Security.AccessControl.CryptoKeyRights.

ckrueger1979 commented 1 year ago

This works for regular (software-based) keys and also for keys located in an HSM: https://github.com/microsoft/GuardedFabricTools/blob/master/CertificateManagement/CertificateManagement.psm1