I am working on power shell script to export certificate with private key which also includes all the certificates in the path. I wrote a script for that, it is not including the certificates in the path or the root certificate. Below is script. Kindly suggest me if there is any changes to make in my script. Thanks in Advance.
$Password="@de08nt2128"; #password to access certificate after expting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate
$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"
$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName" }
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
$DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
$CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
$type = [System.Security.Cryptography.X509Certificates.X509Certificate]::pfx
$SecurePassword = ConvertTo-SecureString -String $Password -Force –AsPlainText
$bytes = $CertToExport.export($type, $SecurePassword)
[System.IO.File]::WriteAllBytes($CertDestPath, $bytes)
}
"Completed"
Updated script to export all certificates matching a particular name and issuer (along with the private key). Make sure you run this with admin privileges:
# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"
$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
# Destination Certificate Name should be CN.
# Since subject contains CN, OU and other information,
# extract only upto the next comma (,)
$DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
$DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));
$CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
$SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
# Export PFX certificate along with private key
Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
}
Updates from your scrip
$_.Issuer -eq "CN=$RootCertName"
to work you will have to include OU, O, S information as well so for it to work correctly so I modified it to be $_.Issuer -Like "CN=$RootCertName*"
so that it matches all Issuer's who's name starts with variable $RootCertName
$CertToExport.Subject.ToString().Replace("CN=","")
for generating pfx file name will cause the name to be of the format some-cert-name, OU=sometext, O=org, C=country.pfx
so it is better to restrict upt o the next comma (,) so I added $DestCertName.Substring(0, $DestCertName.IndexOf(","))
Export-PfxCertifcate
to export with private key