Automate the creation of self-signed certificates on DSC nodes
DSC can be a huge time-saver for system administrators. Admins no longer have to create dozens of lines of code to test for and set various configuration items. If you’re set on implementing DSC in your environment, there are a few hurdles you’ll have to leap over. One of the biggest is ensuring tightened security, particularly in those instances where you need to store credentials in your MOF files.
Technically, you could use the PsDscAllowPlainTextPassword keyword in your configurations, but this simply turns off encryption. It's easier, but it's terribly insecure. It's much better to place certificates on each of your DSC nodes and export the public certificate to your management workstation so that credentials in the MOF documents can be encrypted and decrypted. I will now show how to automate the process of creating self-signed certificates on your DSC nodes. The code I'll be going over was based on this long-winded MSDN article.
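To make the difference concrete, here is an added example (not code from the article) that sets the plain-text setting beside the certificate-based one in DSC configuration data. The node name, certificate path, account name and thumbprint placeholder are assumptions; substitute the values for a certificate that actually exists on your node.

```powershell
# Added example. Node name, path and thumbprint below are constructed placeholders.
# Requires Windows PowerShell 5.1 with the built-in PSDesiredStateConfiguration module.

# Weak setting, shown for contrast only: the password lands in the MOF in clear text.
$plainTextData = @{
    AllNodes = @(
        @{
            NodeName                    = 'node01.example.test'
            PsDscAllowPlainTextPassword = $true
        }
    )
}

# Certificate-based setting: the workstation encrypts with the node's public
# certificate; only the node, which holds the private key, can decrypt.
$encryptedData = @{
    AllNodes = @(
        @{
            NodeName        = 'node01.example.test'
            CertificateFile = 'C:\DscCerts\node01.cer'      # public certificate exported from the node
            Thumbprint      = '<THUMBPRINT-OF-NODE-CERT>'   # placeholder
        }
    )
}

Configuration ServiceAccountDemo {
    param(
        [Parameter(Mandatory)]
        [pscredential] $Credential
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Tells the node's LCM which certificate to use for decryption.
        LocalConfigurationManager {
            CertificateId = $Node.Thumbprint
        }
        User DemoUser {
            UserName = 'svc-demo'
            Password = $Credential
            Ensure   = 'Present'
        }
    }
}

$cred = Get-Credential -Message 'Password for svc-demo'
ServiceAccountDemo -ConfigurationData $encryptedData -Credential $cred -OutputPath .\Mof

# Quick check on the generated MOF: the clear-text password must not appear in it.
$plain = $cred.GetNetworkCredential().Password
if (Select-String -Path .\Mof\*.mof -SimpleMatch -Pattern $plain -Quiet) {
    Write-Warning 'Clear-text password found in MOF'
}
```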
This requires a few prerequisites, so be sure you have them ready before you begin. First, you'll need the New-SelfSignedCertificateEx function. This is an advanced function that allows you to create self-signed certificates on local computers. We'll be focusing on remote computers in this article, so I'll go over a trick to make this work remotely…
Read the full article at 4SysOps.