How to do it...

  1. Create a self-signed certificate on SRV1, copy it to the local machine's root store, and then display it:
      # Remove any existing CN=SRV1 certificate from the personal store
      Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object Subject -eq 'CN=SRV1' |
          Remove-Item -Force
      # Create the new self-signed certificate
      $DscCert = New-SelfSignedCertificate `
                   -CertStoreLocation 'CERT:\LocalMachine\MY' `
                   -DnsName 'SRV1'
      # Add it to the local machine's trusted root store
      $C = 'System.Security.Cryptography.X509Certificates.X509Store'
      $Store = New-Object -TypeName $C -ArgumentList 'Root','LocalMachine'
      $Store.Open('ReadWrite')
      $Store.Add($DscCert)
      $Store.Close()
      # Display the certificate
      $DscCert
  2. Copy the certificate to the root store on SRV2 and ensure it's the only one:
      $Sb = {
        Param ($Rootcert)
        # Remove any existing CN=SRV1 certificate from the root store
        Get-ChildItem -Path Cert:\LocalMachine\Root |
          Where-Object Subject -eq 'CN=SRV1' |
            Remove-Item -Force
        $C = 'System.Security.Cryptography.X509Certificates.X509Store'
        ...
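
A check for the outcome of the two steps above, added here as an example and not taken from the book: it confirms that the only `CN=SRV1` certificate trusted as a root on each host is the one created in step 1. It assumes it is run on SRV1 and that PowerShell remoting to SRV2 is available; the variable names are illustrative.

```powershell
# Added example (not from the book). Assumes: run on SRV1, remoting to SRV2 works.
$Subject = 'CN=SRV1'

# The certificate created in step 1 lives in SRV1's personal store
$Expected = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object Subject -eq $Subject)
if ($Expected.Count -ne 1) {
    throw "Expected one $Subject certificate in LocalMachine\My, found $($Expected.Count)"
}
$Thumbprint = $Expected[0].Thumbprint

# Reports every root-store certificate with the given subject
$CheckSb = {
    Param ($Subject)
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object Subject -eq $Subject |
        Select-Object -Property Thumbprint, NotAfter, HasPrivateKey
}

$Results = foreach ($Computer in 'SRV1', 'SRV2') {
    if ($Computer -eq $env:COMPUTERNAME) {
        # Local host: run the script block directly
        $Found = @(& $CheckSb $Subject)
    }
    else {
        $Found = @(Invoke-Command -ComputerName $Computer `
                     -ScriptBlock $CheckSb -ArgumentList $Subject)
    }
    [PSCustomObject]@{
        Computer         = $Computer
        RootCount        = $Found.Count       # should be 1
        ThumbprintOK     = ($Found.Count -eq 1 -and
                            $Found[0].Thumbprint -eq $Thumbprint)
        # Trust only needs the public certificate; SRV2 should show False
        PrivateKeyInRoot = [bool]($Found | Where-Object HasPrivateKey)
        Expires          = ($Found | Select-Object -First 1).NotAfter
    }
}
$Results | Format-Table -AutoSize
```

A `RootCount` other than 1, or `ThumbprintOK` of `False`, means a stale or unexpected `CN=SRV1` root is trusted on that host and should be investigated before relying on the certificate.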
