Tuesday, June 10, 2025

Service principals and certificates

I never did formally test this one out, so I used 2 versions of PowerShell and installed the certificate of the service principal in the user store for the first test, then in the computer store for the 2nd one. Additionally, when I installed the certificate, I set it such that the private key is non-exportable.

| PowerShell | Current User | Local Computer |
|------------|--------------|----------------|
| 5.x        | Works        | Works          |
| 7.x        | Works        | Works          |

As you can see from the above, both worked. How you configure yours is up to you, but I can imagine a scenario where a shared management server that needs to run automation (created by different admins) will have its certificate installed in the computer store.

Update: I notice that every time I reboot, the certificate authentication stops working when the certificate is in the computer store. But after I delete and re-import, it works again. Not sustainable, and I am not sure yet why this is the case, but will dig through...
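
A check that can be run in both PowerShell 5.x and 7.x, before and after a reboot, to see whether the certificate is present in each store and whether its private key can actually be used from the current session. This is an added example, not code from the original post; the thumbprint is a placeholder, the function name `Test-SpCertificate` is hypothetical, and an RSA key is assumed.

```powershell
# Placeholder (assumption): replace with the thumbprint of your service principal certificate.
$Thumbprint = '0000000000000000000000000000000000000000'

function Test-SpCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [ValidateSet('CurrentUser', 'LocalMachine')] [string] $Location
    )
    $result = [ordered]@{
        PSVersion     = $PSVersionTable.PSVersion.ToString()
        Store         = "$Location\My"
        Found         = $false
        HasPrivateKey = $false
        KeyUsable     = $false
        NotAfter      = $null
        Error         = $null
    }
    # Look the certificate up by thumbprint in the Personal ("My") store.
    $cert = Get-Item -Path "Cert:\$Location\My\$Thumbprint" -ErrorAction SilentlyContinue
    if ($cert) {
        $result.Found         = $true
        $result.HasPrivateKey = $cert.HasPrivateKey
        $result.NotAfter      = $cert.NotAfter
        if ($cert.HasPrivateKey) {
            try {
                # A non-exportable key can still sign; signing proves this session can use it.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($rsa) {
                    $probe = [System.Text.Encoding]::UTF8.GetBytes('probe')
                    $null = $rsa.SignData($probe,
                        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
                        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
                    $result.KeyUsable = $true
                }
            } catch {
                # Record why the key could not be opened or used.
                $result.Error = $_.Exception.Message
            }
        }
    }
    [pscustomobject]$result
}

# Compare both stores side by side.
'CurrentUser', 'LocalMachine' |
    ForEach-Object { Test-SpCertificate -Thumbprint $Thumbprint -Location $_ } |
    Format-Table -AutoSize
```

Run it under the same account and elevation as the automation. A row with `Found` true but `KeyUsable` false means the certificate is in the store but its private key cannot be used from that session, and the `Error` column carries the exception message.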