Table of Contents
There are a couple of ways to export a certificate from a Windows server. The most common way is to export a certificate from the ‘MMC’ console. If you want to know how to export a certificate from MMC, you can see this post. However, we are going to show you an alternate way of exporting a certificate from PowerShell commands. In this post, we have covered how to export a certificate from PowerShell in CER, PFX, P7B, and SST formats.
How to Export a Certificate From PowerShell in PFX format?
You should bear in mind that PFX certificates are always encrypted since they have a private key in the archive. It is mandatory to set a password to export a certificate in PFX format. Syntax of the command to export a certificate in PFX is:
Syntax:
$mypwd = ConvertTo-SecureString -String "<PASSWORD>" -Force -AsPlainText
Get-ChildItem -Path Cert:\<PATH>\ | where{$_.Thumbprint -eq "<THUMBPRINT OF THE CERTIFICATE>"} | Export-PfxCertificate -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Password $mypwd In this example, the first line of command signifies setting a password “1234” as a string text. Execute this command in Windows PowerShell to export a certificate with a Private Key which includes the chain of Intermediate and root CA certificate
Example:
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq "4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321"} | Export-PfxCertificate -FilePath C:\Temp\mypfx.pfx -Password $mypwd 
How to Export a Certificate From PowerShell in CER format?
It is simple to export a certificate from PowerShell in CER format comparatively exporting the same certificate in PFX format. In this export, it is good to have thumbprint of the certificate. In case if you don’t have the thumbprint, you can use any unique properties of a certificate to export. Syntax looks like this:
Syntax:
Get-ChildItem -Path Cert:<PATH> | where{$_.FriendlyName -eq "<NAME>"} | Export-Certificate -Type cer -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force Example:
In this sample, the certificate has been exported using FriendlyName as a unique property instead of the Thumbprint.
Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.FriendlyName -eq "www.thesecmaster.local"} | Export-Certificate -Type cer -FilePath C:\Temp\newcert.cer -Force 
How to Export a Certificate From PowerShell in P7B format?
P7B is a certificate archive with chain certificates. The command and the procedure to export P7B certificate is more or less similar to CER certificate. You need to change the certificate type during the export. That’s all.
Syntax:
Get-ChildItem -Path Cert:<PATH> | where{$_.Thumbprint -eq "<THUMBPRINT>"} | Export-Certificate -Type p7b -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force Example:
Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq "4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321"} | Export-Certificate -Type p7b -FilePath C:\Temp\newcer.p7b -Force 
How to Export a Certificate From PowerShell in SST format?
It is similar to export a certificate in SST as CER. You can see the syntax and an example here below.
Syntax:
Get-ChildItem -Path Cert:<CERTIFICATE> | Export-Certificate -Type SST -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force Example:
Get-ChildItem -Path cert:\localMachine\my\4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321 | Export-Certificate -Type SST -FilePath C:\Temp\newcer.sst -Force
How to Get the Thumbprint of a certificate?
Thumbprint plays a vital role in security. It is the hash or the signature of the certificate. The procedure is simple to get the thumbprint of a certificate. First, we will show you how to get the thumbprint of a certificate using the PowerShell command then we will show you the GUI method.
Command Line:
Issue this command to retrieve the thumbprint of your certificate:
$cert = Get-ChildItem Cert:\LocalMachine\My `
| where{$_.Subject -eq "CN=mysite.local"}Issue this command to retrieve the thumbprint of all the certificates in the personal store:
Get-ChildItem Cert:\LocalMachine\My\GUI:
As a bonus tip, we will show you how and where to find the thumbprint of a certificate. The procedure is simple. Open the certificate in Windows, go to Details tab then select the Thumbprint attribute. Or you can use any CLI tools like OpenSSL to view the certificate in CLI.
Open IIS website in any browser –> Click on ‘View Certificate‘
2. In certificate window –> click on ‘Details‘ tab –> select ‘Thumbprint‘ –> Thumbprint of a given certificate is
‘4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321′
We hope this post will show you how to export a certificate from PowerShell in CER, PFX, P7B, and SST formats. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- April 18, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- April 18, 2024
