Automate the creation of self-signed certificates on DSC nodes

In this article, I’m going to show you how to automate the process of creating self-signed certificates on your Desired State Configuration (DSC) nodes.

DSC can be a huge time-saver for system administrators. Admins no longer have to create dozens of lines of code to test for and set various configuration items. If you’re set on implementing DSC in your environment, there are a few hurdles you’ll have to leap over. One of the biggest is ensuring tightened security, particularly in those instances where you need to store credentials in your MOF files.

Technically, you could use the PsDscAllowPlainTextPassword keyword in your configurations, but this simply turns off encryption. It’s easier, but it’s terribly insecure. It’s much better to place certificates on each of your DSC nodes and export the public certificate to your management workstation so that credentials in the MOF documents can be encrypted and decrypted. I will now show how to automate the process of creating self-signed certificates on your DSC nodes. The code I’ll be going over was based on this long-winded MSDN article.
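As an added illustration (not code from the original article or from 4SysOps), the configuration data below puts the plain-text setting next to the certificate-based one. The node name, file paths, thumbprint placeholder and configuration name are assumptions made for the example.

```powershell
# Added example: names, paths and the thumbprint are placeholders, not values from the article.

# Weak: the credential is written into the MOF in clear text.
$plainTextData = @{
    AllNodes = @(
        @{
            NodeName                    = 'NODE01'   # hypothetical node name
            PSDscAllowPlainTextPassword = $true
        }
    )
}

# Corrected: the authoring workstation encrypts with the node's public certificate,
# and the node's LCM decrypts with the matching private key.
$encryptedData = @{
    AllNodes = @(
        @{
            NodeName        = 'NODE01'
            CertificateFile = 'C:\PublicKeys\NODE01.cer'            # exported public cert (placeholder path)
            Thumbprint      = '<THUMBPRINT-OF-NODE01-CERTIFICATE>'  # placeholder
        }
    )
}

Configuration ServiceAccountExample {
    param (
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $Credential
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Tell the node's LCM which certificate to decrypt with.
        LocalConfigurationManager {
            CertificateId = $Node.Thumbprint
        }

        User LocalServiceAccount {
            UserName = $Credential.UserName
            Password = $Credential
            Ensure   = 'Present'
        }
    }
}

# Compile with the certificate-based data; the password in the MOF is then encrypted.
ServiceAccountExample -ConfigurationData $encryptedData -Credential (Get-Credential) -OutputPath 'C:\DSC\ServiceAccountExample'
```

Compiling the same configuration with `$plainTextData` instead produces a MOF in which the password is readable by anyone who can open the file.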

This requires a few prerequisites, so be sure you have these ready before you begin. First, you’ll need the New-SelfSignedCertificateEx function. This is an advanced function that allows you to create self-signed certificates on local computers. We’ll be focusing on remote computers in this article, so I’ll go over a trick to make this work remotely…

Read the full article at 4SysOps.

Adam Bertram


Chief Automator at Adam the Automator, LLC
Adam Bertram is an independent consultant, technical writer, trainer and presenter. Adam specializes in consulting and evangelizing all things IT automation, mainly focused around Windows PowerShell. Adam is a Microsoft Windows PowerShell MVP, 2015 powershell.org PowerShell hero and has numerous Microsoft IT pro certifications. He authors IT pro course content for Pluralsight, is a regular contributor to numerous print and online publications and presents at various user groups and conferences. You can find Adam here on the blog or on Twitter at @adbertram.