From ba353b0f8fa5ddf43302c47acc67f8c30023c260 Mon Sep 17 00:00:00 2001
From: Matt Davis <nitzmahone@users.noreply.github.com>
Date: Mon, 13 Feb 2017 01:16:23 -0800
Subject: [PATCH] fix ambiguous cert selection in WinRM enable script (#21263)

Rather than trying to guess which cert we just generated,   parse the generated cert data and extract the thumbprint directly.
---
 examples/scripts/ConfigureRemotingForAnsible.ps1 | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/examples/scripts/ConfigureRemotingForAnsible.ps1 b/examples/scripts/ConfigureRemotingForAnsible.ps1
index be4c8129d97..6ec31b8579b 100644
--- a/examples/scripts/ConfigureRemotingForAnsible.ps1
+++ b/examples/scripts/ConfigureRemotingForAnsible.ps1
@@ -112,10 +112,11 @@ Function New-LegacySelfSignedCert
     $certdata = $enrollment.CreateRequest(0)
     $enrollment.InstallResponse(2, $certdata, 0, "")
 
-    # Return the thumbprint of the last installed certificate;
-    # This is needed for the new HTTPS WinRM listerner we're
-    # going to create further down.
-    Get-ChildItem "Cert:\LocalMachine\my"| Sort-Object NotBefore -Descending | Select -First 1 | Select -Expand Thumbprint
+    # extract/return the thumbprint from the generated cert
+    $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
+    $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata))
+
+    return $parsed_cert.Thumbprint
 }
 
 # Setup error handling.