Date: 2022-08-04

Sorry for this being vague, but I'm still gathering the details. I handle installing certificates we get from partners and clients on several servers so they can reach out securely to push or pull data. I normally get one at a time, so I've been installing them into the Certificate Management Snap-In manually. SQL servers get the certs installed under local user, which is that service account that runs SQL. Web servers get the certs installed as local machine certs.

So here's the problem. Something is different between a cert installed manually and one installed via PowerShell. I'll post my scripts, but I'm still not sure what is different... except my Devs say the certs don't work when deployed via script. I've gone into the mmc.exe snap-in to verify they are in the correct store, correct permissions, etc. I can't see a difference.

I started using the PowerShell scripts recently to save time. I built new servers that needed 75 certs installed, so I did so via PowerShell. Is there a better cert deployment tool? Aside from my issue above, I'd love to know if there's a better tool or application. Or, if there's a better script.



SQL/Local User:

Import-PfxCertificate -FilePath ./certfile.pfx -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force)



Web/Local Machine:

Import-PfxCertificate -FilePath ./certfile.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force)
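
One way to look for the difference described above, as an added example that is not part of the original post: for each certificate in a store it reports whether a private key is present, which provider and container hold it, and whether the account running the command can open it. `Get-CertKeyInfo` is a hypothetical helper name, and it only inspects RSA keys; run it as the account the application uses, since `Cert:\CurrentUser\My` is the store of whichever account runs the command.

```powershell
# Added example: report private-key storage details for installed certificates
# so a manually installed cert and a script-installed cert can be compared.
function Get-CertKeyInfo {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    process {
        $info = [ordered]@{
            Thumbprint    = $Cert.Thumbprint
            Subject       = $Cert.Subject
            HasPrivateKey = $Cert.HasPrivateKey
            KeyClass      = $null   # .NET type returned for the key
            Provider      = $null   # CSP or KSP name
            Container     = $null   # key container / key file name
            MachineKey    = $null   # True = machine key store, False = user profile
            Exportable    = $null
            KeyError      = $null   # set when this account cannot open the key
        }
        if ($Cert.HasPrivateKey) {
            try {
                $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
                if ($null -eq $key) {
                    $info.KeyClass = 'not an RSA key'
                } elseif ($key -is [System.Security.Cryptography.RSACng]) {
                    $info.KeyClass   = $key.GetType().Name
                    $info.Provider   = $key.Key.Provider.Provider
                    $info.Container  = $key.Key.UniqueName
                    $info.MachineKey = $key.Key.IsMachineKey
                    $info.Exportable = $key.Key.ExportPolicy.ToString()
                } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    $c = $key.CspKeyContainerInfo
                    $info.KeyClass   = $key.GetType().Name
                    $info.Provider   = $c.ProviderName
                    $info.Container  = $c.UniqueKeyContainerName
                    $info.MachineKey = $c.MachineKeyStore
                    $info.Exportable = $c.Exportable
                }
            } catch {
                # Typical when the key file is missing or its ACL excludes this account.
                $info.KeyError = $_.Exception.Message
            }
        }
        [pscustomobject]$info
    }
}

# Same stores as the Import-PfxCertificate commands in the post.
Get-ChildItem Cert:\LocalMachine\My | Get-CertKeyInfo | Format-List
Get-ChildItem Cert:\CurrentUser\My  | Get-CertKeyInfo | Format-List
```

Any field that differs between a working manual install and a script install (provider, machine vs. user key, export policy, or a `KeyError`) is the place to look next.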