In my Pluralsight course on Advanced DSC I used a few functions I wrote to make it easier to work with computer certificates. If you need to encrypt things like passwords in a DSC configuration, you must some type of certificate thumbprint as well as a copy of the certificate. The idea is that you can use the exported certificates public key to encrypt the password. The remote computer then uses the private key to decrypt.
ManageEngine ADManager Plus - Download Free Trial
Exclusive offer on ADManager Plus for US and UK regions. Claim now!
The functions I wrote for the course were relatively simple, but I always knew I would re-visit them. Now I have. Not only have I extended the functionality, I've also turned the functions into a module.
The module contains two functions, Export-MachineCertificate and Get-MachineCertificateThumbprint. They are very similar in terms of their output, except that the export function does just that, it exports the certificate. I have a hard coded path of C:\Certs but you can change that.
The commands rely on the PKI module that you should have on Windows 8 and later.
By default, the function will also test if the certificate is valid, although you can skip that test.
If you just want the thumbprint, you can use the other command.
I suppose I could have combine the functions into one. In fact, as I write this I can think of a few other changes I might have made but I think I will leave things as they stand.
You can find the files on GitHub.
