Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support the Cert:/ PSDrive on non-Windows platforms

See original GitHub issue

Steps to reproduce

Switch to Cert:/ Drive and run Get-ChildItem

Expected behavior

PS Cert:/> get-childitem

Location : CurrentUser StoreNames :

Location : LocalMachine StoreNames :

Actual behavior

PS Cert:/> get-childitem get-childitem : Cannot find path ‘/Cert:/’ because it does not exist. At line:1 char:1

get-childitem

- CategoryInfo          : ObjectNotFound: (/Cert:/:String) [Get-ChildItem], ItemNotFoundException
- FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

Environment data

> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      6.0.0-alpha
PSEdition                      Core
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   3.0.0.0
GitCommitId                    v6.0.0-alpha.8
CLRVersion
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Issue Analytics

State:
Created 7 years ago
Reactions:6
Comments:11 (7 by maintainers)

Top GitHub Comments

2reactions

TravisEz13commented, May 24, 2017

@joeyaiello What would an x509 cert provider do on a Linux machine? Well, it could enumerate the certs in /etc/ssl, /etc/pki/tls , /system/etc/security/cacerts, but the semantics would need to be quite different than on windows to be useful.

1reaction

markekrauscommented, Dec 8, 2017

In researching supported and unsupported features in .NET core’s Web Cmdlets I discovered that the certificate stores are working in .NET on both Linux and macOS. they can be directly manipulated via the .NET APIs through pwsh. On Linux, the current user my store gets created in ~/.dotnet/corefx/cryptography/x509stores/my. on macOS it is using Apple’s Security.Framework API.

Using the ClientCert.pfx in the WebListener, I can initialize the Linux CurrentUser\My store like so:

# Do some prep work
$StoreName = [System.Security.Cryptography.X509Certificates.StoreName]
$StoreLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]
$OpenFlags = [System.Security.Cryptography.X509Certificates.OpenFlags]
$Store = [System.Security.Cryptography.X509Certificates.X509Store]::new(
    $StoreName::My, $StoreLocation::CurrentUser)

# Get a certificate
$X509Certificate2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$CertPath = (Resolve-Path 'ClientCert.pfx').Path
$Cert = $X509Certificate2::New($CertPath, 'password')

# Open the store, Add the cert, Close the store.
$Store.Open($OpenFlags::ReadWrite)
$Store.Add($Cert)
$Store.Close()

After doing that on Linux, I am able to use cert auth via thumbprint:

$Thumbprint = '2DECF1348FF21B780F45D316A039B5EB4C6312F7'
$Uri = 'https://prod.idrix.eu/secure/'
Invoke-RestMethod -Uri $Uri -CertificateThumbprint $Thumbprint

Cert auth doesn’t work at all on macOS, but, I can still manipulate and search the CurrentUser\My store using the .NET APIs.

I think this support should be readded for x-plat in 6.1.0.