dataplat
Ability to import full certificate chain with with Add-DbaComputerCertificate
Summarize Functionality
When importing a certificate with the full certificate chain including the intermediate certificate authority, it would be good if the Add-DbaComputerCertificate would have an option to import all of it instead of just the server cert.
Is there a command that is similiar or close to what you are looking for?
Yes
Technical Details
When importing a certificate from let's encrypt using the the Add-DbaComputerCertificate cmdlet, it only imports the cert and not the full chain including the intermediate root cert. If I then try to assigne the cert using Set-DbaNetworkCertificate it fails to assign read permissions to the cert, and I get the following error
WARNING: Read-only permissions could not be granted to certificate, unable to determine private key path.
$CertificatePath = "C:\cert\fullchain.pfx"
$Password = Read-Host "Enter the SSL Certificate Password" -AsSecureString
Add-DbaComputerCertificate -ComputerName $ComputerName -Path $CertificatePath -SecurePassword $Password
Get-DbaComputerCertificate -ComputerName $ComputerName | Where {$_.Name -eq 'cert name'} | Set-DbaNetworkCertificate -SqlInstance $SQLInstance -RestartService
If i import the certificate using the Import-PfxCertificate cmdlet like shown below, it imports the server cert and intermediate root cert (the full chain), then when using Set-DbaNetworkCertificate i don't get the read-only permission error like i previously did.
$CertificatePath = "C:\cert\fullchain.pfx"
$Password = Read-Host "Enter the SSL Certificate Password" -AsSecureString
Import-PfxCertificate -FilePath $CertificatePath -Password $Password -CertStoreLocation 'Cert:\LocalMachine\My'
