DSC_PfxImport:'Import-PfxCertificateEx' function handles private keys differently then 'Import-PfxCertificate' cmdlet

[39Delta]

Details of the scenario you tried and the problem that is occurring

Importing PFX certificates to the local machine certificate path and the resource uses the function 'Import-PfxCertificateEx' from the common module results in the private key being installed in the users key store location rather than the machine path. The result of using the native 'Import-PfxCertificate' cmdlet is that the private key is stored in the same path as the public key import location.

Example results of importing with Import-PfxCertificateEx: (Importing to cert:\currentuser\my) Private key is stored c:\users\\AppData\LocalLow\Microsoft\Crypto (Importing to cert:\localmachine\my) Private key is stored c:\users\\AppData\LocalLow\Microsoft\Crypto

Example results of importing with Import-PfxCertificate: (Importing to cert:\currentuser\my) Private key is stored c:\users\\AppData\LocalLow\Microsoft\Crypto (Importing to cert:\localmachine\my) Private key is stored C:\ProgramData\Microsoft\Crypto

The key store location for private keys should match between these two functions.

Verbose logs showing the problem

Suggested solution to the issue

The fix would be to set the x509 flag during import to machinekey path for localmachine keys. No change for currentuser path key imports.

Version and build of PowerShell the target node is running

Name Value

---

PSVersion 5.1.14393.3866
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.3866
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

dev

[39Delta]

I will have a PR up for review shortly for if the issue is accepted

[39Delta]

249

[PlagueHO]

Closed by #249