Add-DbaComputerCertificate

Want to see the source code for this command? Check out Add-DbaComputerCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Add-DbaComputerCertificate.

Synopsis

Adds a computer certificate - useful for older systems.

Description

Adds a computer certificate from a local or remote computer.

Syntax

Add-DbaComputerCertificate
    [[-ComputerName] <DbaInstanceParameter[]>]
    [[-Credential] <PSCredential>]
    [[-SecurePassword] <SecureString>]
    [[-Certificate] <X509Certificate2[]>]
    [[-Path] <String>]
    [[-Store] <String>]
    [[-Folder] <String>]
    [[-Flag] <String[]>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Examples

Example: 1

PS C:\> Add-DbaComputerCertificate -ComputerName Server1 -Path C:\temp\cert.cer

Adds the local C:\temp\cert.cer to the remote server Server1 in LocalMachine\My (Personal).

Example: 2

PS C:\> Add-DbaComputerCertificate -Path C:\temp\cert.cer

Adds the local C:\temp\cert.cer to the local computer's LocalMachine\My (Personal) certificate store.

Example: 3

PS C:\> Add-DbaComputerCertificate -Path C:\temp\cert.cer

Adds the local C:\temp\cert.cer to the local computer's LocalMachine\My (Personal) certificate store.

Example: 4

PS C:\> Add-DbaComputerCertificate -ComputerName sql01 -Path C:\temp\sql01.pfx -Confirm:$false -Flag NonExportable

Adds the local C:\temp\sql01.pfx to sql01's LocalMachine\My (Personal) certificate store and marks the private key as non-exportable. Skips confirmation prompt.

Optional Parameters

-ComputerName

The target SQL Server instance or instances. Defaults to localhost.

-Credential

Allows you to login to $ComputerName using alternative credentials.

-SecurePassword

The password for the certificate, if it is password protected.

-Certificate

The target certificate object.

-Path

The local path to the target certificate object.

-Store

Certificate store. Default is LocalMachine.

-Folder

Certificate folder. Default is My (Personal).

-Flag

Defines where and how to import the private key of an X.509 certificate.
Defaults to: Exportable, PersistKeySet
EphemeralKeySet
The key associated with a PFX file is created in memory and not persisted on disk when importing a certificate.
Exportable
Imported keys are marked as exportable.
NonExportable
Expliictly mark keys as nonexportable.
PersistKeySet
The key associated with a PFX file is persisted when importing a certificate.
UserProtected
Notify the user through a dialog box or other method that the key is accessed. The Cryptographic Service Provider (CSP) in use defines the precise behavior. NOTE: This can only be used when you
add a certificate to localhost, as it causes a prompt to appear.

-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.