Directly use Windows API to install pfx certificate. This way you can specify if CNG should be used when importing pfx.

Expose the following extra options:
* pfx_exportable - mark private key as exportable
* pfx_prefer_cng_ksp - use ksp if preference is not specified
* pfx_always_cng_ksp - force ksp certificate

Signed-off-by: Taliesin Sisson <[email protected]>
Taliesin Sisson committed Aug 10, 2017
1 parent 1f3b29c commit 51ec521
Showing 2 changed files with 1,111 additions and 23 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -57,11 +57,15 @@ Installs a certificate into the Windows certificate store from a file, and grant
#### Properties

- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).
- `pfx_exportable` - if false (default) then do not allow certificate to be exported if it is a pfx file
- `pfx_prefer_cng_ksp` - if false (default) then do not use CNG KSP if a provider has not been specified by certificate if it is a pfx file
- `pfx_always_cng_ksp` - if false (default) then do not override provider specified by certificate to use CNG KSP if it is a pfx file
- `pfx_password` - the password to access the source if it is a pfx file.
- `private_key_acl` - array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.
- `store_name` - the certificate store to manipulate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).
- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.


#### Examples

```ruby
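Review bot: The new `pfx_exportable` entry says the option controls whether the "certificate" can be exported, but the commit message describes it as marking the private key as exportable. The README should say private key, because that is the security-relevant property, and it could state outright that the default of false leaves the key non-exportable. All three new entries are worded as "if false (default) then do not ...", so the reader has to invert the sentence to learn what setting the option to true does. Describing the true case directly would fix that, and the text should also say which option wins when both `pfx_prefer_cng_ksp` and `pfx_always_cng_ksp` are set. The hunk also appears to add a second blank line before `#### Examples`, which can be dropped.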