Open Viajaz opened 2 years ago
Hallo, many thanks for your feedback. Have a look at this. I plan to integrate this into the module in an upcoming version.
In regards to https://github.com/Sleepw4lker/OcspManager/blob/master/lib/Set-CertificatePrivateKeyPermissions.ps1
It could be useful to have Parameter $Certificate be set to accept ValueFromPipeline when you port it over, as well as another parameter to specify System.Security.AccessControl.CryptoKeyRights.
This works for regular (software-based) keys and also for keys located in an HSM: https://github.com/microsoft/GuardedFabricTools/blob/master/CertificateManagement/CertificateManagement.psm1
A Cmdlet which grants Permissions to the Private Key of a Certificate in the Certificate Store would be useful.
Example:
$Certificate could perhaps be a location such as cert:\LocalMachine\My\FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF or perhaps just thumbprint?
$Identity would be the security principal (e.g. NETWORK SERVICE or DOMAIN\user)
Permission parameter being either FullControl or Read

There is a Question-and-Answers on StackOverflow (How to Grant permission to user on Certificate private key using powershell?) on how to grant permissions, but it seemingly, anecdotally, doesn't seem reliable across platforms and use-cases. I also wonder if the example code provided would work with non-RSA keys, but an answer I provided to another StackOverflow Question is useful in obtaining the absolute path of a Certificate Container.
Such a Cmdlet would be useful in order to automate configuration of key access after Certificate Installation as part of installation of a service or other such software.
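
One way the cmdlet requested above could look, as an added example that is not code from the OcspManager module or from anyone in this thread. The function name is hypothetical, and the example assumes a LocalMachine certificate whose key is stored as a file on disk (RSA or ECDSA); it reports an error instead of guessing when no key file exists, as with an HSM-backed key.

```powershell
# Added example: hypothetical function name; file-backed LocalMachine keys only.
function Grant-CertificatePrivateKeyAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$Identity,
        [ValidateSet('Read', 'FullControl')]
        [string]$Permission = 'Read'   # least privilege unless the caller asks for more
    )
    begin {
        $KeyDirs = @(
            "$env:ProgramData\Microsoft\Crypto\Keys",            # CNG keys (RSA and ECDSA)
            "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"  # legacy CSP RSA keys
        )
    }
    process {
        if (-not $Certificate.HasPrivateKey) {
            Write-Error "Certificate $($Certificate.Thumbprint) has no private key."
            return
        }
        # Try RSA first, then ECDSA, so non-RSA certificates are handled too.
        $Key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if (-not $Key) {
            $Key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Certificate)
        }
        $FileName = if ($Key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $Key.CspKeyContainerInfo.UniqueKeyContainerName
        } elseif ($Key) {
            $Key.Key.UniqueName   # RSACng and ECDsaCng expose a CngKey
        }
        $Path = if ($FileName) {
            $KeyDirs | ForEach-Object { Join-Path $_ $FileName } |
                Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | Select-Object -First 1
        }
        if (-not $Path) {
            Write-Error "No key file found for $($Certificate.Thumbprint); the key may be hardware-backed."
            return
        }
        $Acl = Get-Acl -LiteralPath $Path
        $Rule = [System.Security.AccessControl.FileSystemAccessRule]::new($Identity, $Permission, 'Allow')
        $Acl.AddAccessRule($Rule)
        if ($PSCmdlet.ShouldProcess($Path, "Grant $Permission to $Identity")) {
            Set-Acl -LiteralPath $Path -AclObject $Acl
        }
    }
}
```

Piping a certificate from the Cert:\LocalMachine\My store into the function with -Identity 'NETWORK SERVICE' grants Read by default; adding -WhatIf shows the key file that would be changed without touching its ACL.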