The problem is the when the X509Certificate2
was getting imported via the Import()
method, the X509KeyStorageFlags
were not configured to write the private key to the computer's private key store. I've updated the function to include the appropriate X509KeyStorageFlags
.
function Add-Certificate {
[CmdletBinding()]
param
(
[Parameter(Position=1, Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]$Path,
[Parameter(Position=2, Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]$Password
)
Write-Verbose -Message ('Installing certificate from path: {0}' -f $Path);
try
{
# Create the certificate
$pfxcert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ErrorAction Stop;
$KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bxor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet -bxor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet;
Write-Verbose ('Key storage flags is: {0}' -f $KeyStorageFlags);
$pfxcert.Import($Path, $Password, $KeyStorageFlags);
# Create the X509 store and import the certificate
$store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList My, LocalMachine -ErrorAction Stop;
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite);
$store.Add($pfxcert);
$store.Close();
Write-Output -InputObject $pfxcert;
}
catch
{
throw $_;
}
}