Use this resource to deploy an Enterprise or Standalone Certificate Authority for your organization’s PKI. It is required when you want to issue certificates internally for SSL/TLS, code signing, smart card authentication, or other PKI-dependent services.
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSingleInstance | Key | String | Specifies the resource is a single instance, the value must be | |
| CAType | Mandatory | String | Specifies the type of certification authority to install. | |
| Credential | Mandatory | PSCredential | To install an enterprise certification authority, the computer must be joined to an Active Directory Domain Services domain and a user account that is a member of the Enterprise Admin group is required. To install a standalone certification authority, the computer can be in a workgroup or AD DS domain. If the computer is in a workgroup, a user account that is a member of Administrators is required. If the computer is in an AD DS domain, a user account that is a member of Domain Admins is required. | |
| Ensure | | String | Specifies whether the Certificate Authority should be installed or uninstalled. | |
| CACommonName | | String | Specifies the certification authority common name. | |
| CADistinguishedNameSuffix | | String | Specifies the certification authority distinguished name suffix. | |
| CertFile | | String | Specifies the file name of certification authority PKCS 12 formatted certificate file. | |
| CertFilePassword | | PSCredential | Specifies the password for certification authority certificate file. | |
| CertificateID | | String | Specifies the thumbprint or serial number of certification authority certificate. | |
| CryptoProviderName | | String | The name of the cryptographic service provider or key storage provider that is used to generate or store the private key for the CA. | |
| DatabaseDirectory | | String | Specifies the folder location of the certification authority database. | |
| HashAlgorithmName | | String | Specifies the signature hash algorithm used by the certification authority. | |
| IgnoreUnicode | | Boolean | Specifies that Unicode characters are allowed in certification authority name string. | |
| KeyContainerName | | String | Specifies the name of an existing private key container. | |
| KeyLength | | UInt32 | Specifies the bit length for new certification authority key. | |
| LogDirectory | | String | Specifies the folder location of the certification authority database log. | |
| OutputCertRequestFile | | String | Specifies the folder location for certificate request file. | |
| OverwriteExistingCAinDS | | Boolean | Specifies that the computer object in the Active Directory Domain Service domain should be overwritten with the same computer name. | |
| OverwriteExistingDatabase | | Boolean | Specifies that the existing certification authority database should be overwritten. | |
| OverwriteExistingKey | | Boolean | Overwrite existing key container with the same name. | |
| ParentCA | | String | Specifies the configuration string of the parent certification authority that will certify this CA. | |
| ValidityPeriod | | String | Specifies the validity period of the certification authority certificate in hours, days, months or years. If this is a subordinate CA, do not use this parameter, because the validity period is determined by the parent CA. | |
| ValidityPeriodUnits | | UInt32 | Validity period of the certification authority certificate. If this is a subordinate CA, do not specify this parameter because the validity period is determined by the parent CA. | |


```yaml
CertificateAuthorities:
  IsSingleInstance: Yes
  Credential: '[ENC=PE9ianMgVmVyc2lv...=]'
  CAType: EnterpriseSubordinateCA
  CACommonName: Contoso Issuing CA
```
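
A fuller pair of node configurations for a two-tier PKI, added here as an example and not taken from the original documentation. It shows the root CA setting its own validity period and the subordinate CA omitting it, as the parameter table requires. Host names, paths, key and hash settings are constructed sample values, and the credential strings are placeholders for encrypted credentials.

```yaml
# Constructed example (not from the original page).
# Each YAML document below belongs to a different node; the resource is
# single-instance, so a node carries only one CertificateAuthorities block.

# Node 1: standalone root CA. In a workgroup the credential must be a
# member of Administrators; in an AD DS domain, a member of Domain Admins.
CertificateAuthorities:
  IsSingleInstance: Yes
  Ensure: Present
  CAType: StandaloneRootCA
  Credential: '[ENC=<encrypted-credential-placeholder>]'
  CACommonName: Contoso Root CA
  CADistinguishedNameSuffix: DC=contoso,DC=com
  CryptoProviderName: RSA#Microsoft Software Key Storage Provider
  KeyLength: 4096
  HashAlgorithmName: SHA256
  ValidityPeriod: Years          # a root CA sets its own validity period
  ValidityPeriodUnits: 20
  DatabaseDirectory: D:\CertDB   # sample path
  LogDirectory: D:\CertLog       # sample path
  # Leave the destructive switches off so a re-run cannot replace
  # an existing key container or CA database.
  OverwriteExistingKey: false
  OverwriteExistingDatabase: false
---
# Node 2: enterprise subordinate (issuing) CA. The node must be domain
# joined and the credential must be a member of the Enterprise Admin group.
CertificateAuthorities:
  IsSingleInstance: Yes
  Ensure: Present
  CAType: EnterpriseSubordinateCA
  Credential: '[ENC=<encrypted-credential-placeholder>]'
  CACommonName: Contoso Issuing CA
  # Configuration string of the parent CA, in the form host\CA common name
  # (sample host name).
  ParentCA: rootca01.contoso.com\Contoso Root CA
  CryptoProviderName: RSA#Microsoft Software Key Storage Provider
  KeyLength: 4096
  HashAlgorithmName: SHA256
  # ValidityPeriod and ValidityPeriodUnits are deliberately omitted:
  # the parent CA determines the validity of a subordinate CA certificate.
  OverwriteExistingCAinDS: false
```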