Creating and moving a certificate in PowerShell breaks the ability to sign other certificates


I have successfully created a PowerShell module which creates two certificates.

  1. A general development Certificate Authority (or just a certificate)
  2. A certificate for the project which is signed by 1) the Certificate Authority

Because PowerShell does not allow you to create certificates in the root folder (Trusted Root Certification Authorities), the process is to first create it in my personal folder and then move it to the root. However, this poses a problem. If I move the certificate before I create the project certificate, I get an error.

New-SelfSignedCertificate : CertEnroll::CSignerCertificate::Initialize: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)

If I create the project certificate before I move the Certificate Authority, everything works fine.

This is how I create the certificate:

    # Parameters for the project certificate, splatted into New-SelfSignedCertificate
    $reqParams = @{
        FriendlyName      = $CertificateFriendlyName
        Subject           = "project cert"
        DnsName           = $AlternativeNames
        Signer            = $CertificateAuthorty   # the Certificate Authority certificate from step 1
        KeyLength         = 2048
        KeyAlgorithm      = 'RSA'
        HashAlgorithm     = 'SHA256'
        KeyExportPolicy   = 'Exportable'
        NotAfter          = (Get-Date).AddYears(2)
        CertStoreLocation = 'Cert:\LocalMachine\My'
    }
    $reqCert = New-SelfSignedCertificate @reqParams
    return $reqCert

Something must be missing when I move the certificate. Any ideas?

powershell
certificate
asked on Stack Overflow Sep 23, 2020 by Galtrold • edited Sep 23, 2020 by Adis1102
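
An arrangement consistent with the observation above that signing works while the CA certificate is still in the personal store, shown as an added example (not code from the question): the CA and its private key stay in `Cert:\LocalMachine\My`, only an exported public copy is imported into the root store, and the signer is checked for a private key before use. The subject names, DNS name and temporary file path are constructed, and the assumption is that the error arises because the signer passed after the move no longer resolves to a certificate with a usable private key.

```powershell
#Requires -RunAsAdministrator
# Added example. All names and paths below are constructed for illustration.

# 1. Create the development CA in the personal store; its private key stays here.
$caParams = @{
    Subject           = 'CN=Example Dev CA'
    KeyUsage          = 'CertSign', 'CRLSign', 'DigitalSignature'
    TextExtension     = @('2.5.29.19={text}CA=true')   # basic constraints: is a CA
    KeyLength         = 2048
    KeyAlgorithm      = 'RSA'
    HashAlgorithm     = 'SHA256'
    KeyExportPolicy   = 'NonExportable'                # signing needs no key export
    NotAfter          = (Get-Date).AddYears(5)
    CertStoreLocation = 'Cert:\LocalMachine\My'
}
$ca = New-SelfSignedCertificate @caParams

# 2. Trust the CA by importing only its public certificate into the root store.
$cerPath = Join-Path $env:TEMP 'example-dev-ca.cer'
Export-Certificate -Cert $ca -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $cerPath

# 3. Resolve the signer from the store that holds the key and verify it is usable.
$signer = Get-Item "Cert:\LocalMachine\My\$($ca.Thumbprint)"
if (-not $signer.HasPrivateKey) {
    throw "Signer $($signer.Thumbprint) has no private key in LocalMachine\My"
}

# 4. Issue the project certificate with the same parameters as in the question.
$reqParams = @{
    FriendlyName      = 'Example project certificate'
    Subject           = 'CN=project cert'
    DnsName           = 'localhost'
    Signer            = $signer
    KeyLength         = 2048
    KeyAlgorithm      = 'RSA'
    HashAlgorithm     = 'SHA256'
    KeyExportPolicy   = 'Exportable'
    NotAfter          = (Get-Date).AddYears(2)
    CertStoreLocation = 'Cert:\LocalMachine\My'
}
$reqCert = New-SelfSignedCertificate @reqParams

# 5. Show that the issuer of the new certificate is the development CA.
$reqCert | Select-Object Subject, Issuer, Thumbprint
```

With this layout the root store holds no private key, so trusting the development CA on a machine does not also place its signing key there.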

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0