Monday, 15 July 2013

c# - Remotely push PFX Cert and Private Key with .NET and Powershell -

The task at hand is to force a certificate from a central server out to recipient servers. I'm able to leverage X509Certificate2 methods to accomplish the certificate install. Though the storage flags direct the Add() method to install the private key, it doesn't install on the remote machine. In the code below, please trust that $certobj is an X509Certificate2 object created with the storage flags Exportable, MachineKeySet, and PersistKeySet.

```powershell
function Import-CertificateObject {
    param (
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string] $Computer
    )
    # $location, $store and $certobj come from the enclosing scope: $location/$store name
    # the target store (e.g. LocalMachine\My) and $certobj is the X509Certificate2 created
    # with Exportable, MachineKeySet and PersistKeySet. The UNC-style name opens the
    # store on the remote machine.
    $certStore = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store `
        -ArgumentList "\\$($Computer)\$location", $store
    $certStore.Open("ReadWrite")
    $certStore.Add($certobj)
    $certStore.Close()
}
```

Using PowerShell to isolate the installed certificate object, I can see that the HasPrivateKey property has been set to true. This is the case both when the installed certificate is inspected locally on the server and on the remote server that installed it. Next, if I inspect the PrivateKey property on the server that had the certificate installed, it's blank. However, when it is inspected on the server that installed it, PowerShell returns object info for the private key.

Using Procmon I can see that when the certificate install is writing the regkeys for the private key, it's doing so on the server performing the install rather than on the remote server. I need .NET to install the certificate's private key on the remote machine. I've read the X509Certificate2 docs, but they don't touch on remote installs at all, nor is there an in-depth explanation of what these methods do.

I'm hoping it's as simple as changing an environment variable before the Add() method, or maybe I've approached this from totally the wrong angle. How do I install the private key on the remote server, and not on the server pushing the cert?

You can't move/copy certificates with their associated private keys over the network. With your code, you are copying only the public part of the certificate. The private key remains on the source server and is not moved/copied anywhere.

The HasPrivateKey property is a store-attached property and has little relation to the actual existence of the private key, so it is not a reliable way to determine whether the private key is installed for the certificate.

The right way to re-create a certificate with its private key across machines is to:

Export the certificate and associated private key using the Export(X509ContentType, SecureString) or the Export(X509ContentType, String) overload. Copy the PFX file to the destination servers and use one of these overloads to import the certificate with its private key into an X509Certificate2 object, then use the X509Store object to install it into the store.

However, be aware that if the private key was not marked exportable during key generation or installation, the task is impossible, because the private key is protected by the CSP/KSP and you will be unable to export the key from the provider.
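The export-then-import procedure from the answer above, as an added PowerShell example that is not part of the original question or answer. It assumes PowerShell remoting is enabled, that the caller is an administrator on both machines, and that the thumbprint and computer name are placeholders to be replaced.

```powershell
# Added example (not code from the question or the answer). Moves a certificate WITH its
# private key: export a password-protected PFX from the local LocalMachine\My store, then
# import it inside a remoting session so the key is created in the target's own CSP/KSP.
# Assumptions: PowerShell remoting is enabled, the caller is an administrator on both
# machines, and the thumbprint / computer name below are placeholders you replace.

function Export-PfxFromLocalStore {
    param(
        [Parameter(Mandatory=$true)][string] $Thumbprint,
        [Parameter(Mandatory=$true)][System.Security.SecureString] $Password
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'My', 'LocalMachine'
    $store.Open('ReadOnly')
    try {
        $cert = $store.Certificates.Find('FindByThumbprint', $Thumbprint, $false) | Select-Object -First 1
        if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }
        # Export(X509ContentType.Pfx, SecureString) includes the private key; it throws
        # if the key was generated or installed without the Exportable flag.
        return $cert.Export('Pfx', $Password)
    }
    finally { $store.Close() }
}

function Import-PfxToRemoteStore {
    param(
        [Parameter(Mandatory=$true)][string] $ComputerName,
        [Parameter(Mandatory=$true)][byte[]] $PfxBytes,
        [Parameter(Mandatory=$true)][System.Security.SecureString] $Password
    )
    # The script block runs ON the target, so the X509Certificate2 constructor writes the
    # key into the target's machine key container (MachineKeySet) and keeps it there
    # (PersistKeySet). Exportable is deliberately omitted unless a re-export is needed.
    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$PfxBytes), $Password -ScriptBlock {
        param([byte[]] $bytes, [System.Security.SecureString] $pwd)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList (,$bytes), $pwd, 'MachineKeySet,PersistKeySet'
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'My', 'LocalMachine'
        $store.Open('ReadWrite')
        try { $store.Add($cert) } finally { $store.Close() }
        # Evidence gathered on the target itself, not on the pushing server.
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Thumbprint = $cert.Thumbprint; HasPrivateKey = $cert.HasPrivateKey }
    }
}

# Usage with placeholder values:
$pw  = Read-Host -AsSecureString -Prompt 'PFX password'
$pfx = Export-PfxFromLocalStore -Thumbprint 'PLACEHOLDER_THUMBPRINT' -Password $pw
Import-PfxToRemoteStore -ComputerName 'target01.example.local' -PfxBytes $pfx -Password $pw
```

The object returned from the remote session reports the thumbprint and HasPrivateKey as seen on the target, and the PFX bytes only ever exist in memory on the pushing side and inside the encrypted remoting channel.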

c# .net powershell x509certificate2
