There have been a few customer reports of interest in leveraging the Windows certificate store for cert management, rather than storing the certs on disk.
For instance, it could be useful to import the CA into the local cert store, and it could be useful to use Windows tooling to generate / store the certs in the My store for the LocalMachine. This is more "Windows native" than writing PEM files to disk.
For instance, my Windows host has certs automatically created and placed in the My store like this:
C:\Users\Administrator> dir Cert:\LocalMachine\My

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
99D0D1A4E577F39B19623A161289746233D56564  CN=WMSvc-VAGRANT-2008R2
5FBEE78476CCFC6758E817BC7316E8FDBD694259  CN=localhost

First-class support of this would include some significant changes around:
- Providing an option with the MSI install to use cert store instead of disk
- Properly dealing with Puppet settings that have historically pointed to files on disk
- Adding Windows-specific code for cert management (likely using native APIs)
- Updating relevant documentation