-
-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New-PACertificate not using provided pfx password #412
Comments
Hi @egreiff907. Thanks for reaching out. This may end up being a bug but I won't likely be able to look into it until after the new year.
I'm guessing this is the root of the problem. Because it's picking up an existing order, it's ignoring the That said, you can work around the issue by modifying the cert/order after the fact using |
Thanks Ryan. Yes, my script is creating an order before calling New-PACertificate. I have changed my script to set pfxpass when creating the order. So that's getting me around the issue if indeed your intent was to have New-PACertificate update an existing order's pfxpass if the parameter is present. |
Hey @egreiff907. It was indeed a bug, though not where I originally thought it might be. I had a small logic error in I'll try to get a new release out soon with the fix. |
The fix is now live in version 4.12.0. |
I have a script issuing the following commands:
$pfxpass = ConvertTo-SecureString "*****" -AsPlainText
New-PACertificate -Domain $CertificateDNSList -CertKeyLength 2048 -PfxPassSecure $pfxpass -FriendlyName $maindomain -DnsAlias $CertificateDNSList -DnsSleep 15 -PreferredChain $PreferredChain -InformationAction SilentlyContinue -Verbose
with the following verbose output:
VERBOSE: Updating directory info from https://acme-staging-v02.api.letsencrypt.org/directory
VERBOSE: Using ACME Server https://acme-staging-v02.api.letsencrypt.org/directory
VERBOSE: Using account 9192261
VERBOSE: Order name not specified, using 'test3pfx.spscc.edu'
VERBOSE: Using existing order 'test3pfx.spscc.edu' with status ready
VERBOSE: Setting DnsAlias to test3pfx.spscc.edu
VERBOSE: Setting PfxPass to '*****'
VERBOSE: Setting DnsSleep to 15
VERBOSE: Saving order changes
VERBOSE: test3pfx.spscc.edu authorization is already valid
VERBOSE: Finalizing the order.
VERBOSE: Creating new certificate request with key length 2048.
VERBOSE: Creating new private key for the certificate request.
VERBOSE: Downloading signed certificate
VERBOSE: Updating cert expiration and renewal window
VERBOSE: Successfully created certificate.
The pfx files created have the default password 'poshacme' instead of my provided password. It was working before my last update to 4.10.0. I don't remember what version I updated from. Has anyone else mentioned this as an issue?
The text was updated successfully, but these errors were encountered: