CertReq resource cannot request multiple certificates with same subject name #269

Closed
raandree opened this issue Sep 7, 2022 · 2 comments · Fixed by #271
Labels
breaking change When used on an issue, the issue has been determined to be a breaking change. enhancement The issue is an enhancement request.

Comments

raandree commented Sep 7, 2022

Problem description

Requesting more than one certificate with the same subject name results in a conflict as the only key property is SubjectName.

This would be a breaking change as the FriendlyName would become a mandatory parameter.

Verbose logs

Test-ConflictingResources : A conflict was detected between resources '[CertReq]SSLCert1 (C:\Users\Install.contoso\Desktop\certs.ps1::16::9::CertReq)' and '[CertReq]SSLCert2 
(C:\Users\Install.contoso\Desktop\certs.ps1::34::9::CertReq)' in node 'localhost'. Resources have identical key properties but there are differences in the following non-key 
properties: 'FriendlyName;SubjectAltName'. Values 'SSL Cert for Web Server 1;NULL' don't match values 'SSL Cert for Web Server 2;dns=fabrikam.com&dns=contoso.com'. Please update 
these property values so that they are identical in both cases.
At line:289 char:9
+         Test-ConflictingResources $keywordName $canonicalizedValue $k ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : ConflictingDuplicateResource,Test-ConflictingResources
Compilation errors occurred while processing configuration 'Req1'. Please review the errors reported in error stream and modify your configuration code appropriately.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:3917 char:5
+     throw $ErrorRecord
+     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Req1:String) [], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessConfiguration

DSC configuration

configuration Req1
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    Import-DscResource -ModuleName CertificateDsc

    Node localhost
    {
        CertReq SSLCert1
        {
            CARootName          = 'LabRootCA1'
            CAServerFQDN        = 'dsccasql01.contoso.com'
            Subject             = 'test.contoso.com'
            KeyLength           = '2048'
            Exportable          = $true
            ProviderName        = 'Microsoft RSA SChannel Cryptographic Provider'
            OID                 = '1.3.6.1.5.5.7.3.1'
            KeyUsage            = '0xa0'
            CertificateTemplate = 'WebServer'
            AutoRenew           = $true
            FriendlyName        = 'SSL Cert for Web Server 1'
            Credential          = $Credential
            KeyType             = 'RSA'
            RequestType         = 'CMC'
        }

        CertReq SSLCert2
        {
            CARootName          = 'LabRootCA1'
            CAServerFQDN        = 'dsccasql01.contoso.com'
            Subject             = 'test.contoso.com'
            KeyLength           = '2048'
            Exportable          = $true
            ProviderName        = 'Microsoft RSA SChannel Cryptographic Provider'
            OID                 = '1.3.6.1.5.5.7.3.1'
            KeyUsage            = '0xa0'
            CertificateTemplate = 'WebServer'
            SubjectAltName      = 'dns=fabrikam.com&dns=contoso.com'
            AutoRenew           = $true
            FriendlyName        = 'SSL Cert for Web Server 2'
            Credential          = $Credential
            KeyType             = 'RSA'
            RequestType         = 'CMC'
        }
    }
}

$configData = @{
    AllNodes = @(
        @{
            NodeName                    = 'localhost'
            PSDscAllowDomainUser        = $true
            PsDscAllowPlainTextPassword = $true
        }
    )
}

$cred = New-Object pscredential('contoso\install', ('Somepass1' | ConvertTo-SecureString -AsPlainText -Force))
Req1 -Credential $cred -OutputPath C:\Dsc -ConfigurationData $configData

Start-DscConfiguration -Path C:\Dsc -Wait -Force -Verbose

Suggested solution

Changing the property FriendlyName from Write to Key.

Operating system the target node is running

NA

PowerShell version and build the target node is running

Windows PowerShell 5.1

CertificateDsc version

5.1.0
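
The compilation error in the log above comes from comparing resource declarations by their key properties only. The sketch below is an added example, not code from CertificateDsc or PSDesiredStateConfiguration: `Find-KeyConflict` is a hypothetical helper, the current key set is modelled as `Subject`, and the sample data is the issue's two declarations reduced to three properties.

```powershell
# Constructed sample: the two CertReq declarations from the issue, trimmed.
$declarations = @(
    @{ Name = 'SSLCert1'; Subject = 'test.contoso.com'
       FriendlyName = 'SSL Cert for Web Server 1'; SubjectAltName = $null }
    @{ Name = 'SSLCert2'; Subject = 'test.contoso.com'
       FriendlyName = 'SSL Cert for Web Server 2'
       SubjectAltName = 'dns=fabrikam.com&dns=contoso.com' }
)

# Hypothetical helper: reports declarations that share every key property
# value but differ in at least one non-key property.
function Find-KeyConflict
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Collections.Hashtable[]]
        $Declaration,

        [Parameter(Mandatory = $true)]
        [System.String[]]
        $KeyProperty
    )

    $seen = @{}
    foreach ($item in $Declaration)
    {
        # The identity of a declaration is the joined values of its keys.
        $identity = ($KeyProperty | ForEach-Object { "$_=$($item[$_])" }) -join ';'
        if (-not $seen.ContainsKey($identity)) { $seen[$identity] = $item; continue }

        $first = $seen[$identity]
        $differing = @($item.Keys | Where-Object {
                $_ -ne 'Name' -and $_ -notin $KeyProperty -and $item[$_] -ne $first[$_]
            } | Sort-Object)
        if ($differing.Count -gt 0)
        {
            [PSCustomObject]@{ First = $first.Name; Second = $item.Name
                Identity = $identity; Differing = $differing -join ';' }
        }
    }
}

# Key set as the issue describes the current schema.
Find-KeyConflict -Declaration $declarations -KeyProperty 'Subject'
# Key set with the suggested change (FriendlyName promoted to Key).
Find-KeyConflict -Declaration $declarations -KeyProperty 'Subject', 'FriendlyName'
```
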
@PlagueHO PlagueHO added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. breaking change When used on an issue, the issue has been determined to be a breaking change. labels Sep 7, 2022
Member

PlagueHO commented Sep 7, 2022

Sounds like a good change. Think you'll submit a PR for it?

Author

raandree commented Sep 8, 2022

Yes, working on it.

@PlagueHO PlagueHO added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Sep 8, 2022
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Dec 26, 2022