correct location of generated cert #4881

Open
wants to merge 1 commit into
base: Dev
6 changes: 3 additions & 3 deletions Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1
Expand Up @@ -1246,7 +1246,7 @@ If specified, a new secret will be created for the application. -CreateNewSecret
The path to the certificate to be uploaded for the app registration. If using with -CreateSelfSignedCertificate - a file with this name will be created and uploaded (file must not exist). Otherwise the file must already exist. Cannot be used with -CreateNewSecret simultaneously.

.Parameter CreateSelfSignedCertificate
If specified, a self-signed certificate will be created for the application. -CreateSelfSignedCertificate or -CertificatePath can be used, not both.
If specified, a self-signed certificate will be created for the application.

.Parameter AdminConsent
If specified, admin consent will be granted for the application.
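
Review bot: In the .Parameter CreateSelfSignedCertificate text, dropping the "can be used, not both" sentence leaves the description with nothing about how the switch interacts with -CertificatePath, even though the -CertificatePath help just above says a file with that name is created when the two are combined. Suggest replacing the removed sentence with one that points to -CertificatePath for the output file and names the certificate store the certificate is generated in, since that store is what this PR changes.
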
Expand Down Expand Up @@ -1430,7 +1430,7 @@ function Update-M365DSCAzureAdApplication
}
else
{
# Neither CertificatePath and CreateSelfSignedCertificate are specified.
# Neither CertificatePath nor CreateSelfSignedCertificate are specified.
Write-LogEntry -Message 'Certificate is specified as Type, but neither the CertificatePath or CreateSelfSignedCertificate parameters are specified.' -Type Error
return
}
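
Review bot: The Write-LogEntry message directly below the corrected comment still reads "neither the CertificatePath or CreateSelfSignedCertificate parameters are specified", so the user-visible error keeps the wording that the comment fix removes. Change "or" to "nor" in that string as well, so the comment and the logged message agree.
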
Expand Down Expand Up @@ -1714,7 +1714,7 @@ function Update-M365DSCAzureAdApplication
if ($CreateSelfSignedCertificate)
{
Write-LogEntry ' CreateSelfSignedCertificate specified, generating new Self Signed Certificate'
$cerCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
$cerCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
Collaborator


This part depends on what the intent is. If the user wants to do an Export, then the CurrentUser store is where the certificate should be placed. If it's a logic path using the LCM (e.g., Start/Test-DSCConfiguration) then LocalMachine is required.

Contributor Author


But currently it does neither an export-pfx nor places it in a store for subsequent use. So as a new user, I cannot use this scriptlet to configure a service principal for me.

-Subject "CN=$ApplicationName" `
-KeySpec Signature `
-NotAfter $endDate `
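
Review bot: The -CertStoreLocation argument to New-SelfSignedCertificate swaps one hard-coded store ('Cert:\CurrentUser\My') for another ('Cert:\LocalMachine\My'), so the change fixes one usage and breaks the other: per the inline comment, an Export run expects CurrentUser while an LCM path needs LocalMachine. Consider exposing the store location as a parameter that defaults to the existing value rather than replacing the literal, and have the Write-LogEntry call above it name the store that was used so the caller knows where to find the certificate afterwards.
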