SPCertificate - dsccommunity/SharePointDsc GitHub Wiki
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| CertificateFilePath | Key | String | Specifies path to the certificate file (PFX or CER) | |
| CertificatePassword | Write | PSCredential | The password of the PFX file | |
| Ensure | Write | String | Present ensures certificate exists, absent ensures it is removed | Present, Absent |
| Exportable | Write | Boolean | Specifies if the certificate should be exportable after import | |
| Store | Write | String | Specifies the store in which the certificate should be placed | EndEntity, Intermediate, Pending, Root |
Description
Type: Distributed Requires CredSSP: No
This resource is used to manage SSL certificate in the Certificate Management solution build into SharePoint Server Subscription Edition. With this resource you can import new certificates and remove certificates from the store.
IMPORTANT: Certificate PFX files are protected by either a password or an ACL. So when trying to import the PFX file, you either have to grant the PsDscRunAsCredential permissions to import the PFX (specify the account when exporting the certificate to a PFX) or specify the used password via the CertificatePassword parameter.
This resource does not check what option you used and will fail importing the certicate when not using the correct option!
Exporting a certificate to PFX and using a password: https://docs.microsoft.com/en-us/powershell/module/pki/export-pfxcertificate?view=windowsserver2019-ps#example-1 Exporting a certificate to PFX and using ACL protection: https://docs.microsoft.com/en-us/powershell/module/pki/export-pfxcertificate?view=windowsserver2019-ps#example-4
Examples
Example 1
This example shows how to import a PFX certificate into the My store of the local computer.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[PSCredential]
$SetupAccount,
[Parameter(Mandatory = $true)]
[PSCredential]
$CertificatePassword
)
Import-DscResource -ModuleName SharePointDsc
node localhost
{
SPCertificate IntranetCertificate
{
CertificateFilePath = 'C:\Certificates\Intranet.pfx'
CertificatePassword = $CertificatePassword
Store = 'EndEntity'
Exportable = $false
Ensure = "Present"
PsDscRunAsCredential = $SetupAccount
}
}
}
Example 2
This example shows how to import a CER certificate into the Root store of the local computer.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[PSCredential]
$SetupAccount,
[Parameter(Mandatory = $true)]
[PSCredential]
$CertificatePassword
)
Import-DscResource -ModuleName SharePointDsc
node localhost
{
SPCertificate RootCACertificate
{
CertificateFilePath = 'C:\Certificates\RootCA.cer'
Store = 'Root'
Ensure = "Present"
PsDscRunAsCredential = $SetupAccount
}
}
}
Example 3
This example shows how to remove a PFX certificate from Certificate Management.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[PSCredential]
$SetupAccount,
[Parameter(Mandatory = $true)]
[PSCredential]
$CertificatePassword
)
Import-DscResource -ModuleName SharePointDsc
node localhost
{
SPCertificate IntranetCertificate
{
CertificateFilePath = 'C:\Certificates\Intranet.pfx'
CertificatePassword = $CertificatePassword
Ensure = "Absent"
PsDscRunAsCredential = $SetupAccount
}
}
}