Provision to Microsoft Windows (PowerShell)
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Provision to Microsoft Windows (PowerShell)
Use this procedure to provision a certificate from Next-Gen Trust Security to a Microsoft Windows (PowerShell) machine.
Tip: Before you begin, verify that the Microsoft Windows (PowerShell) machine is already created in Next-Gen Trust Security and that prerequisite configuration is complete. See Create a new Microsoft Windows (PowerShell) machine.
- Sign in to Next-Gen Trust Security.
- Click Insights > Machines.
- Select the Microsoft Windows (PowerShell) machine you want to provision a certificate to.
- Click Provision a certificate.
- From Choose a certificate from the inventory, search for and select the certificate you want to provision.Verify that you selected the correct certificate by reviewing the Subject DN, Validity, and Fingerprint.
- From CAPI Store, select the certificate store where the certificate will be installed.
- Enter a Friendly Name for the certificate in the Windows certificate store.
- (Optional) Enable Allow private key to be exported if the private key must be exportable.
- (Optional) To invoke a PowerShell script after certificate installation, enable Installation Endpoint.Note: When enabled, Next-Gen Trust Security executes the configured PowerShell script using the credentials associated with the machine. The script can consume the provisioned certificate (for example, bind it to a Windows service).The script must implement a function named bind-certificate with the following parameters:
- certificateStore (string)
- thumbprint (string)
A successful execution must return exit code 0. A non-zero exit code indicates failure and is reported in Next-Gen Trust Security.Example:function bind-certificate([string]$certificateStore, [string]$thumbprint) { return 0 }In Script Path, enter the full path to the PowerShell script.(Optional) To create the certificate record without pushing it, set Push upon saving to No.When set to Yes (default), saving installs the certificate in the CAPI store. If Installation Endpoint is enabled, the script is also executed.Click Save.After saving, Next-Gen Trust Security installs the certificate on the Windows machine and creates an installation record on the Installations tab.