PKI Install PFX Certificate on Windows
Go to Automation :materialformkdocs: Go to Automation Hub Docs
Description
This automation playbook installs a PFX certificate from Passwordstate onto a Windows server. It retrieves the PFX certificate document from Passwordstate, copies it to the target Windows server, installs it in the LocalMachine certificate store, and cleans up temporary files. The playbook ensures secure certificate deployment for servers, services, or applications requiring certificate-based authentication or encryption.
Credentials
- sys_srvaapwin_pki (PKI service account credentials)
Input
| Variable | Description | Default |
|---|---|---|
certificate_details |
JSON object containing certificate details including document_id_pfx | |
cert_password |
Password for the PFX certificate | |
installed_on |
FQDN of the Windows server where the certificate will be installed | |
pki_creds |
PKI service account credentials for Passwordstate access |
Output (Ansible facts)
| Variable | Description |
|---|---|
pws_document |
Document details retrieved from Passwordstate |
install_pfx_ansible |
Result of the certificate installation process |
install_pfx_result_pws |
Result of the cleanup process |
Process Flow
- Retrieve PFX from Passwordstate: Downloads the PFX certificate document using the document ID
- Cleanup existing files: Removes any existing PFX files from the target server's temp directory
- Copy PFX to target: Transfers the PFX file to the Windows server at
C:\Temp\cert.pfx - Install certificate: Installs the PFX certificate in the LocalMachine certificate store
- Cleanup: Removes the temporary PFX file from the target server for security
Security Notes
- PFX files are only temporarily stored on the target server during installation
- All temporary files are automatically cleaned up after installation
- Certificate is installed in the LocalMachine store for system-wide availability
- Passwordstate API access is secured using service account credentials