-
Notifications
You must be signed in to change notification settings - Fork 67
CertificateImport
dscbot edited this page Jan 8, 2026
·
7 revisions
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Location | Key | String | The Windows Certificate Store Location to import the certificate to. |
LocalMachine, CurrentUser
|
| Store | Key | String | The Windows Certificate Store Name to import the certificate to. | |
| Thumbprint | Key | String | The thumbprint (unique identifier) of the certificate you're importing. | |
| Content | Write | String | The base64 encoded content of the CER file you want to import. | |
| Ensure | Write | String | Specifies whether the certificate should be present or absent. |
Present, Absent
|
| FriendlyName | Write | String | The friendly name of the certificate to set in the Windows Certificate Store. | |
| Path | Write | String | The path to the CER file you want to import. |
The resource is used to import a certificate into a Windows certificate store.
Import public key certificate into Trusted Root store.
Configuration CertificateImport_MinimalUsage_Config
{
Import-DscResource -ModuleName CertificateDsc
Node localhost
{
CertificateImport MyTrustedRoot
{
Thumbprint = 'c81b94933420221a7ac004a90242d8b1d3e5070d'
Location = 'LocalMachine'
Store = 'Root'
Path = '\\Server\Share\Certificates\MyTrustedRoot.cer'
}
}
}Import public key certificate into Trusted Root store and set the Fiendly Name to 'Contoso Root CA'.
Configuration CertificateImport_FriendlyName_Config
{
Import-DscResource -ModuleName CertificateDsc
Node localhost
{
CertificateImport MyTrustedRoot
{
Thumbprint = 'c81b94933420221a7ac004a90242d8b1d3e5070d'
Location = 'LocalMachine'
Store = 'Root'
Path = '\\Server\Share\Certificates\MyTrustedRoot.cer'
FriendlyName = 'Contoso Root CA'
}
}
}Import public key certificate into Trusted Root store from a provided base64 encoded string.
Configuration CertificateImport_WithContent_Config
{
Import-DscResource -ModuleName CertificateDsc
<#
Create mock base64 value
example for converting an existing file:
$contentBase64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($certificateFilePath))
#>
$contentBase64 = [System.Convert]::ToBase64String(@(00, 00, 00))
Node localhost
{
CertificateImport MyTrustedRoot
{
Thumbprint = 'c81b94933420221a7ac004a90242d8b1d3e5070d'
Location = 'LocalMachine'
Store = 'Root'
Content = $contentBase64
}
}
}