Filtered the Private Key Password from view and improved error message when invalid CSP was used.

Author: Bob Pokorny

IISU/ImplementedStoreTypes/WinIIS/Management.cs

@@ -298,9 +298,10 @@ public string AddCertificate(string certificateContents, string privateKeyPasswo
             catch (Exception ex)        
             {
                 var failureMessage = $"Management job {_operationType} failed on Store '{_storePath}' on server '{_clientMachineName}' with error: '{LogHandler.FlattenException(ex)}'";
+                var niceMessage = $"Management job {_operationType} failed on Store '{_storePath}' on server '{_clientMachineName}' with error: {ex.Message}";
                 _logger.LogError(failureMessage);
 
-                throw new Exception (failureMessage);
+                throw new Exception (niceMessage);
             }
 }
         public void RemoveIISCertificate(string thumbprint)

IISU/PowerShellScripts/WinCertScripts.ps1

@@ -227,12 +227,13 @@ function Add-KFCertificateToStore{
             try {
                 # Build certutil command to import the certificate with exportable private key and CSP
                 $command = "certutil -f -p `"$PrivateKeyPassword`" -csp `"$CryptoServiceProvider`" -importpfx $StoreName `"$tempPfx`""
+                $traceCommand = "certutil -f -p `"************`" -csp `"$CryptoServiceProvider`" -importpfx $StoreName `"$tempPfx`""
 
-                Write-Verbose "Running: $command"
+                Write-Verbose "Running: $traceCommand"
                 $output = Invoke-Expression $command
 
                 if ($LASTEXITCODE -ne 0) {
-                    throw "certutil failed with code $LASTEXITCODE. Output: $output"
+                    throw "certutil failed with code $LASTEXITCODE. `nOutput: $output `nMake sure there is no cryptographic mismatch and the CSP supports the imported PFX.`n"
                 }
 
                 # Get latest cert with private key in the store