I’ve been trying to use Chef 12.6.0 to install a password protected pfx into Windows 2012 R2. I tried the Windows cookbook with the windows_certificate Chef module from the supermarket and it doesn’t seem to be able to install into localmachine\trustedpublisher (correct me if I’m wrong please).
Instead I tried to run a PowerShell script which just runs the cmdlet import-pfxcertificate. I can see the cert in the Certificate console, and if I browse “certs:\localmachine\trustedpublisher” I see the cert. However, an IIS-hosted .NET 4.5.1 webapp that is looking in localmachine\trustedpublisher keeps throwing a crypto exception: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
If I browse through Windows Explorer to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys I do not see the cert.
If I install the cert manually by hand through Certificate console everything works fine; I can see the file in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys and the .NET webapp does not throw the crypto exception.
This is the full PowerShell script I am running:
$securepw1 = convertto-securestring "xxxx" -asplaintext -force
import-pfxcertificate c:\chef\cache\thecert.pfx -CertStoreLocation "cert:\LOCALMACHINE\TrustedPublisher" -Exportable -Password $securepw1
& 'C:\Program Files (x86)\Windows Resource Kits\Tools\winhttpcertcfg.exe' -g -a "my_iis_pool" -c "LOCAL_MACHINE\TrustedPublisher" -s "thecert"
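
A diagnostic check for the situation described above, as an added example that is not part of the original post: for each matching certificate in LocalMachine\TrustedPublisher it reports whether a private key is associated, which key container it maps to, whether that container file exists under MachineKeys, and which identities have access to it. The subject filter `thecert` and the store path are taken from the script above; the variable names are illustrative, and the script assumes an elevated PowerShell 3.0+ session.

```powershell
# Added diagnostic example; not the poster's code.
# Assumption: the certificate subject contains 'thecert' (from the -s argument above).
$storePath   = 'Cert:\LocalMachine\TrustedPublisher'
$subjectLike = '*thecert*'
$machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

$certs = @(Get-ChildItem -Path $storePath | Where-Object { $_.Subject -like $subjectLike })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate matching $subjectLike found in $storePath"
}

foreach ($cert in $certs) {
    $report = [ordered]@{
        Thumbprint      = $cert.Thumbprint
        Subject         = $cert.Subject
        HasPrivateKey   = $cert.HasPrivateKey
        KeyContainer    = $null
        MachineKeyStore = $null
        KeyFileExists   = $false
        KeyFileAccess   = $null
    }

    if ($cert.HasPrivateKey) {
        try {
            # Reading PrivateKey throws a CryptographicException if the store entry
            # points at a key container that cannot be opened.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($null -eq $info) {
                $report.KeyContainer = 'no CSP key container info (key may not be a CSP key)'
            } else {
                $report.KeyContainer    = $info.UniqueKeyContainerName
                $report.MachineKeyStore = $info.MachineKeyStore
                $keyFile = Join-Path $machineKeys $info.UniqueKeyContainerName
                if (Test-Path -LiteralPath $keyFile) {
                    $report.KeyFileExists = $true
                    # List who holds which rights on the private key file.
                    $report.KeyFileAccess = ((Get-Acl -LiteralPath $keyFile).Access |
                        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
                }
            }
        } catch {
            $report.KeyContainer = "unreadable: $($_.Exception.Message)"
        }
    }

    [pscustomobject]$report
}
```

Running it once after the scripted import and once after the manual import through the Certificate console gives two reports that can be compared field by field.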