I'm new to PowerShell, so please be patient with me.
I am working to create a script that can generate a password in PowerShell for PFX certificate export. First, I called the new function to generate the password, as shown below:
    function Generate-RandomPassword {
        param (
            [Parameter(Mandatory)]
            [int] $length
        )
        #$charSet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}+[]*=:()$^%;_!&#?>.'.ToCharArray()
        $charSet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.ToCharArray()
        # Cryptographic RNG: one random byte per output character
        $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
        $bytes = New-Object byte[]($length)
        $key = New-Object Byte[] 16   # not used anywhere in this function
        $rng.GetBytes($bytes)
        $result = New-Object char[]($length)
        for ($i = 0 ; $i -lt $length ; $i++) {
            # 256 is not a multiple of 62, so the modulo slightly favours the first 8 characters
            $result[$i] = $charSet[$bytes[$i] % $charSet.Length]
        }
        return (-join $result)
    }
Then I used

    Generate-RandomPassword 16 | Set-Content -Path C:\PFX\certs\PASSWORD.txt

to generate the password and pipe the random password out to the filesystem for storage, which works fine.
Secondly, I intend to use the $CertfilePath variable to store the common name of the certificate I intend to export. This specifies the CERT: logical drive, the computer account, and then the Personal identity store, and then the -dnsname parameter here dictates which CN I am targeting, using the below:

    $CertFilePath = Get-ChildItem -Path Cert:LocalMachine\MY -dnsname *TARGET*
Finally, I want to be able to use ConvertTo-SecureString, which accepts pipe input; however, the -key parameter is required and is the sticking point here. It is the # of bytes used to convert the plaintext: 128, 192, or 256 bits are valid options. Note that the Generate-RandomPassword integer was lowered to 16; 16*8 = exactly 128 bits. I tried to shorten it for compatibility to fit the byte array length of 128, but something about how I am populating this -key value is incorrect with the below:

    $PfxExportPassword = get-content -path C:\PFX\certs\PASSWORD.txt | ConvertTo-SecureString -key 32

When I run the above, I get the below error:

    ConvertTo-SecureString : The specified key is not valid. Valid key length settings are either 128 bits, 192 bits, or 256 bits.
    At line:1 char:80
Try to export it -AsPlainText and see whether Export-PfxCertificate then accepts $PfxExportPassword as the password parameter.
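
The following is an added example, not code from the question or the reply above. It shows the -AsPlainText conversion feeding Export-PfxCertificate, and then what -Key actually takes: an AES key as a byte array used to reverse ConvertFrom-SecureString. The paths and the *TARGET* filter are the ones from the question; the export.pfx file name is an assumption.

```powershell
# Added example. Paths and the *TARGET* filter come from the question;
# export.pfx is an assumed output name.
$passwordFile = 'C:\PFX\certs\PASSWORD.txt'
$pfxFile      = 'C:\PFX\certs\export.pfx'

# PASSWORD.txt holds plain text, so it is wrapped with -AsPlainText -Force.
# -Key does not apply here: it is only for strings that were encrypted
# by ConvertFrom-SecureString.
$plain = (Get-Content -Path $passwordFile -Raw).Trim()
$PfxExportPassword = ConvertTo-SecureString -String $plain -AsPlainText -Force

# Export the first matching certificate, if one is present on this machine.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My -DnsName '*TARGET*' |
    Select-Object -First 1
if ($cert) {
    Export-PfxCertificate -Cert $cert -FilePath $pfxFile `
        -Password $PfxExportPassword | Out-Null
} else {
    Write-Warning 'No certificate matched *TARGET*; skipping export.'
}

# What -Key expects: an AES key as a byte array of 16, 24 or 32 bytes
# (128, 192 or 256 bits), not the integer 32 and not the password text.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($key) } finally { $rng.Dispose() }

# Encrypt the SecureString to a storable string, then reverse it with the same key.
$encrypted = ConvertFrom-SecureString -SecureString $PfxExportPassword -Key $key
$restored  = ConvertTo-SecureString -String $encrypted -Key $key

# Round-trip check: both SecureStrings must hold the same text (case-sensitive).
$a = (New-Object System.Net.NetworkCredential('', $PfxExportPassword)).Password
$b = (New-Object System.Net.NetworkCredential('', $restored)).Password
if ($a -cne $b) { throw 'Round trip with -Key failed.' }
Write-Output 'Round trip with a 32-byte key succeeded.'
```

If the encrypted form is what gets written to disk, the key has to be stored somewhere other than beside it; omitting -Key on both cmdlets makes Windows PowerShell use DPAPI, tied to the current user and machine, instead.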