
I have been tasked with automating installation of LetsEncrypt certificates on several Windows Server 2016 systems.

One requirement is to copy the ACL from the old private key to the new one, and so my script first identifies the unique container name from 'C:\ProgramData\Microsoft\Crypto'.

Assuming that I have set the value of $Thumbprint to the correct certificate thumbprint - which I have... then I believe I should be able to locate the private key in the filesystem using:

(((Get-Item "CERT:\LocalMachine\My\$Thumbprint").PrivateKey).CspKeyContainerInfo).UniqueKeyContainerName

This works great when I import the PFX using certlm.msc but not when I have imported the PFX using the PowerShell cmdlet Import-PfxCertificate.

When imported using this cmdlet the .HasPrivateKey property is True, but the .PrivateKey property itself is empty. Additionally, I can set the permissions on the key from within certlm.msc and can verify the key's location in 'C:\ProgramData\Microsoft\Crypto\Keys'. Incidentally that path is different from other SSL certs I have worked with, where the key goes in 'Crypto\RSA\MachineKeys'.

Any help or ideas would be much appreciated.

Edit:

Although the symptoms here are identical to the existing issue linked (PowerShell Import Pfx, and Private Key "Lost"), this doesn't solve my problem as I am not defining my own function to import the PFX; I am using the native PowerShell cmdlet Import-PfxCertificate and therefore am unable to change the X509 flags: https://learn.microsoft.com/en-us/powershell/module/pki/import-pfxcertificate?view=windowsserver2016-ps

semifrodo
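The behaviour described in the question is the difference between a legacy CSP key and a CNG key: X509Certificate2.PrivateKey is only populated for keys held by a CryptoAPI CSP (files under Crypto\RSA\MachineKeys), while a key held by a CNG key storage provider, which is what Import-PfxCertificate produces here, leaves .PrivateKey empty and stores its file under Crypto\Keys. The script below is an added example, not code from the original post; it resolves the key file in both cases through RSACertificateExtensions::GetRSAPrivateKey (available on the .NET Framework 4.6+ that ships with Server 2016) and then copies the explicit access rules from the old key file to the new one. It assumes an elevated session, the LocalMachine\My store, and placeholder variables $OldThumbprint and $NewThumbprint that you set yourself.

```powershell
# Added example (not from the original post). Finds the on-disk private key file for a
# LocalMachine\My certificate whether the key is in a legacy CSP container
# (Crypto\RSA\MachineKeys) or a CNG key storage provider (Crypto\Keys), then copies
# the explicit ACL entries from an old key file to a new one.
# Assumptions: elevated PowerShell on Windows Server 2016 (.NET Framework 4.6+);
# $OldThumbprint / $NewThumbprint are placeholders supplied by the caller.

function Get-PrivateKeyFile {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Thumbprint)

    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }

    # .PrivateKey is only populated for legacy CSP keys. For CNG keys it is $null
    # (the symptom in the question) even though HasPrivateKey is $true.
    $csp = $null
    try { $csp = $cert.PrivateKey } catch { $csp = $null }

    if ($csp) {
        $provider = $csp.CspKeyContainerInfo.ProviderName
        $name     = $csp.CspKeyContainerInfo.UniqueKeyContainerName
        $dir      = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    }
    else {
        # CNG: GetRSAPrivateKey returns an RSACng whose CngKey exposes the unique file name.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($rsa -isnot [System.Security.Cryptography.RSACng]) {
            throw "Unexpected private key type $($rsa.GetType().FullName) for $Thumbprint"
        }
        $provider = $rsa.Key.Provider.Provider
        $name     = $rsa.Key.UniqueName
        $dir      = Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'
    }

    # UniqueName is normally a bare file name; only prepend the directory when it is.
    $path = if ([System.IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $dir $name }
    if (-not (Test-Path -LiteralPath $path)) { throw "Key file for $Thumbprint not found at $path" }

    [pscustomobject]@{
        Thumbprint = $Thumbprint
        Provider   = $provider
        KeyFile    = $path
    }
}

function Copy-PrivateKeyAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$OldThumbprint,
        [Parameter(Mandatory)][string]$NewThumbprint
    )

    $old = Get-PrivateKeyFile -Thumbprint $OldThumbprint
    $new = Get-PrivateKeyFile -Thumbprint $NewThumbprint

    $oldAcl = Get-Acl -LiteralPath $old.KeyFile
    $newAcl = Get-Acl -LiteralPath $new.KeyFile

    # Copy only explicit (non-inherited) rules onto the new file's own ACL object so the
    # owner stays untouched; piping the whole old ACL into Set-Acl also tries to set the
    # owner, which is the usual reason a bare "Get-Acl old | Set-Acl new" fails.
    $newAcl.SetAccessRuleProtection($oldAcl.AreAccessRulesProtected, $false)
    foreach ($rule in @($newAcl.Access | Where-Object { -not $_.IsInherited })) {
        $null = $newAcl.RemoveAccessRule($rule)
    }
    foreach ($rule in @($oldAcl.Access | Where-Object { -not $_.IsInherited })) {
        $newAcl.AddAccessRule($rule)
    }

    if ($PSCmdlet.ShouldProcess($new.KeyFile, "copy ACL from $($old.KeyFile)")) {
        Set-Acl -LiteralPath $new.KeyFile -AclObject $newAcl
    }
    Get-Acl -LiteralPath $new.KeyFile | Select-Object -ExpandProperty Access
}

# Usage with placeholder thumbprints (dry run first, then for real):
# Get-PrivateKeyFile -Thumbprint $NewThumbprint
# Copy-PrivateKeyAcl -OldThumbprint $OldThumbprint -NewThumbprint $NewThumbprint -WhatIf
# Copy-PrivateKeyAcl -OldThumbprint $OldThumbprint -NewThumbprint $NewThumbprint
```

To confirm which provider a given certificate's key is held by without any .NET calls, `certutil -store My <thumbprint>` prints a `Provider =` line (for example "Microsoft Software Key Storage Provider" for a CNG key) and a `Key Container =` line. If the old CSP-based layout really has to be preserved, Import-PfxCertificate offers no provider parameter, but `certutil -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -p <password> -importPFX <file.pfx>` imports into a legacy CSP container, after which the original CspKeyContainerInfo lookup in the question works again.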