So I've been playing around with IIS Centralized Certificate management by creating some test certificates using PowerShell.
PowerShell cmdlets (Export-PfxCertificate) usually create a certificate and its corresponding private key and store it directly in the certificate store. Then you export it as a PFX and store it at the central location. And then the certificate "needs" to be deleted from the store.
But this process seems counterproductive to how centralized certificate management is supposed to work, so I'm wondering: how is one supposed to (in an automated fashion)
1. generate a key pair
2. generate a CSR
3. get the signed CER from the CA
4. export everything to the file share where IIS Centralized Certificate management looks it up

without involving third-party tooling and without relying on certificates being stored in the certificate store.
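One way to run the four steps above without touching a certificate store, as an added example that is not from the original post: the key pair and PKCS#10 request are built in memory with .NET's CertificateRequest class, the request goes to an AD CS CA with the built-in certreq tool, and the issued certificate is joined to the key and written straight to the share as `<hostname>.pfx`, the file name the Centralized Certificate Store expects. It assumes PowerShell 7 on Windows; the hostname, CA config string and UNC share path are placeholders.

```powershell
# Added example (not from the original post). Assumed placeholders: hostname, CA config
# string ("<CA host>\<CA name>") and the UNC path of the CCS share.
$Hostname    = 'www.example.test'                     # CCS looks up <hostname>.pfx
$CaConfig    = 'CA01.example.test\Example Issuing CA' # placeholder AD CS config string
$CcsShare    = '\\fileserver\ccs$'                    # placeholder CCS share
# CCS uses one private-key password for every PFX in the share; this must match it.
$PfxPassword = Read-Host -AsSecureString 'PFX password (as configured on the CCS feature)'

# 1. Key pair: RSA 2048 generated in memory (ephemeral CNG key, never placed in a store)
$rsa = [System.Security.Cryptography.RSA]::Create(2048)

# 2. CSR: PKCS#10 with the hostname as CN and as a DNS SAN
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    "CN=$Hostname",
    $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$san.AddDnsName($Hostname)
$req.CertificateExtensions.Add($san.Build())
$csrPem  = "-----BEGIN CERTIFICATE REQUEST-----`n" +
           [Convert]::ToBase64String($req.CreateSigningRequest(), 'InsertLineBreaks') +
           "`n-----END CERTIFICATE REQUEST-----"
$csrPath = Join-Path $env:TEMP "$Hostname.req"
$cerPath = Join-Path $env:TEMP "$Hostname.cer"
Set-Content -Path $csrPath -Value $csrPem -Encoding ascii

# 3. Signed certificate from the CA. certreq ships with Windows; the template has to
#    auto-issue, otherwise the request sits pending and nothing is written to $cerPath.
certreq -submit -q -config $CaConfig $csrPath $cerPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# 4. Join the issued certificate to the in-memory key and write <hostname>.pfx to the share.
#    Nothing is imported into any certificate store at any point.
$cer      = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$withKey  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::CopyWithPrivateKey($cer, $rsa)
$pfxBytes = $withKey.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $PfxPassword)
[System.IO.File]::WriteAllBytes((Join-Path $CcsShare "$Hostname.pfx"), $pfxBytes)
Remove-Item $csrPath, $cerPath   # the CSR and bare certificate are not needed afterwards
```

Only the account that writes the PFX and the IIS worker identity need access to the share, so keep its ACL tight; the PFX holds the private key protected by nothing more than that shared password.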