How to Export a Certificate From PowerShell

There are a couple of ways to export a certificate from a Windows server. The most common way is to export a certificate from the ‘MMC’ console. If you want to know how to export a certificate from MMC, you can see this post. However, we are going to show you an alternate way of exporting a certificate, using PowerShell commands. In this post, we cover how to export a certificate from PowerShell in CER, PFX, P7B, and SST formats.

How to Export a Certificate From PowerShell in PFX format?

Bear in mind that PFX files are always encrypted, since the archive contains a private key. It is mandatory to set a password to export a certificate in PFX format. The syntax of the command to export a certificate in PFX format is:

Syntax:

$mypwd = ConvertTo-SecureString -String "<PASSWORD>" -Force -AsPlainText
Get-ChildItem -Path Cert:\<PATH>\ | where{$_.Thumbprint -eq "<THUMBPRINT OF THE CERTIFICATE>"} | Export-PfxCertificate -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Password $mypwd 

In this example, the first line converts the plain-text password “1234” into a secure string. Run these commands in Windows PowerShell to export a certificate with its private key, including the chain of intermediate and root CA certificates.

Example:

$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq "4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321"} | Export-PfxCertificate -FilePath C:\Temp\mypfx.pfx -Password $mypwd 
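
A more defensive version of the PFX export above, as an added example rather than code from the original post: it prompts for the password instead of embedding it in the script, refuses a certificate without a private key, restricts the permissions on the output file and reads the file back to confirm the thumbprint. The function name `Export-PfxChecked` is hypothetical, and `-CryptoAlgorithmOption AES256_SHA256` assumes Windows Server 2019 / Windows 10 1809 or later.

```powershell
# Added example, not from the original post. Export-PfxChecked is a hypothetical name.
function Export-PfxChecked {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$FilePath,
        [string]$Store = 'Cert:\LocalMachine\My'
    )

    # Address the certificate directly by thumbprint; stop if it is not in the store.
    $cert = Get-Item -Path "$Store\$Thumbprint" -ErrorAction Stop

    # A PFX is only useful with the private key, so fail early if there is none.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint in $Store has no private key."
    }

    # Prompt for the password so it is not stored in the script or command history.
    $pfxPassword = Read-Host -Prompt 'Password for the PFX file' -AsSecureString

    # Export key + chain. The cmdlet fails if the key was imported as non-exportable.
    # AES256_SHA256 assumes Windows Server 2019 / Windows 10 1809 or later.
    Export-PfxCertificate -Cert $cert -FilePath $FilePath -Password $pfxPassword `
        -ChainOption BuildChain -CryptoAlgorithmOption AES256_SHA256 -ErrorAction Stop |
        Out-Null

    # Remove inherited permissions and leave access to the current user only.
    $acl = Get-Acl -Path $FilePath
    $acl.SetAccessRuleProtection($true, $false)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl.AddAccessRule(
        [System.Security.AccessControl.FileSystemAccessRule]::new($me, 'FullControl', 'Allow'))
    Set-Acl -Path $FilePath -AclObject $acl

    # Read the file back with the same password and confirm it holds the right certificate.
    $pfx = Get-PfxData -FilePath $FilePath -Password $pfxPassword
    $exported = $pfx.EndEntityCertificates | Select-Object -First 1
    if ($exported.Thumbprint -ne $cert.Thumbprint) {
        throw "Exported PFX does not contain certificate $Thumbprint."
    }
    Get-Item -Path $FilePath
}

# Thumbprint and path are the ones used in the example above.
Export-PfxChecked -Thumbprint '4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321' -FilePath 'C:\Temp\mypfx.pfx'
```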

How to Export a Certificate From PowerShell in CER format?

Exporting a certificate from PowerShell in CER format is simpler than exporting the same certificate in PFX format. For this export, it is good to have the thumbprint of the certificate. If you don’t have the thumbprint, you can use any unique property of the certificate to select it. The syntax looks like this:

Syntax:

Get-ChildItem -Path Cert:<PATH> | where{$_.FriendlyName -eq "<NAME>"}  | Export-Certificate -Type CERT -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force

Example:

In this sample, the certificate has been exported using FriendlyName as a unique property instead of the Thumbprint.

Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.FriendlyName -eq "www.thesecmaster.local"}  | Export-Certificate -Type CERT -FilePath C:\Temp\newcert.cer -Force

How to Export a Certificate From PowerShell in P7B format?

P7B is a certificate archive with chain certificates. The command and the procedure to export a P7B certificate are more or less the same as for a CER certificate. You only need to change the certificate type during the export.

Syntax:

Get-ChildItem -Path Cert:<PATH> | where{$_.Thumbprint -eq "<THUMBPRINT>"}  | Export-Certificate -Type p7b -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force 

Example:

Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq "4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321"}  | Export-Certificate -Type p7b -FilePath C:\Temp\newcer.p7b -Force 

How to Export a Certificate From PowerShell in SST format?

Exporting a certificate in SST format is similar to exporting it in CER format. The syntax and an example are shown below.

Syntax:

Get-ChildItem -Path Cert:<CERTIFICATE> | Export-Certificate -Type SST -FilePath <PATH WHERE THE CERTIFICATE IS SAVED> -Force 

Example:

Get-ChildItem -Path cert:\localMachine\my\4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321 | Export-Certificate -Type SST -FilePath C:\Temp\newcer.sst -Force

How to Get the Thumbprint of a certificate?

The thumbprint plays a vital role in security. It is the hash or the signature of the certificate. Getting the thumbprint of a certificate is simple. First, we will show you how to get the thumbprint of a certificate using a PowerShell command, then we will show you the GUI method.

Command Line:

Issue this command to retrieve the thumbprint of your certificate:

$cert = Get-ChildItem Cert:\LocalMachine\My `
   | where{$_.Subject -eq "CN=mysite.local"}
$cert.Thumbprint

Issue this command to retrieve the thumbprint of all the certificates in the personal store:

Get-ChildItem Cert:\LocalMachine\My\
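
The thumbprint shown by these commands is the SHA-1 hash of the DER-encoded certificate, which makes it usable for checking an exported file against the store. The following is an added example, not code from the original post; the function names `Get-CertFingerprint` and `Test-ExportedCertificate` are hypothetical, and the file is assumed to be a `.cer` export like the one made earlier.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Get-CertFingerprint {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [ValidateSet('SHA1', 'SHA256')][string]$Algorithm = 'SHA1'
    )
    # Hash the DER bytes of the certificate; with SHA1 this reproduces $Cert.Thumbprint.
    $hasher = switch ($Algorithm) {
        'SHA1'   { [System.Security.Cryptography.SHA1]::Create() }
        'SHA256' { [System.Security.Cryptography.SHA256]::Create() }
    }
    try     { $hash = $hasher.ComputeHash($Cert.RawData) }
    finally { $hasher.Dispose() }
    -join ($hash | ForEach-Object { $_.ToString('X2') })
}

function Test-ExportedCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$FilePath,
        [string]$Store = 'Cert:\LocalMachine\My'
    )
    # Certificate as held in the store, and the certificate parsed from the exported file.
    $inStore = Get-Item -Path "$Store\$Thumbprint" -ErrorAction Stop
    $onDisk  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path -Path $FilePath).Path)

    [pscustomobject]@{
        Subject         = $inStore.Subject
        StoreThumbprint = $inStore.Thumbprint
        FileSha1        = Get-CertFingerprint -Cert $onDisk -Algorithm SHA1
        FileSha256      = Get-CertFingerprint -Cert $onDisk -Algorithm SHA256
        # Compare on SHA-256 so the match does not rest on SHA-1 alone.
        Match           = (Get-CertFingerprint -Cert $inStore -Algorithm SHA256) -eq
                          (Get-CertFingerprint -Cert $onDisk -Algorithm SHA256)
    }
}

# Thumbprint and path are the ones used in the CER example of this post.
Test-ExportedCertificate -Thumbprint '4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321' -FilePath 'C:\Temp\newcert.cer'
```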

GUI:

As a bonus tip, we will show you how and where to find the thumbprint of a certificate in the GUI. The procedure is simple. Open the certificate in Windows, go to the Details tab, then select the Thumbprint attribute. Alternatively, you can use a CLI tool like OpenSSL to view the certificate from the command line.

  1. Open the IIS website in any browser –> click on ‘View Certificate’

  2. In the certificate window –> click on the ‘Details’ tab –> select ‘Thumbprint’ –> the thumbprint of the given certificate is ‘4eeee9dca7dd5ccf70e47e46ac1128ddddbbb321’

We hope this post will show you how to export a certificate from PowerShell in CER, PFX, P7B, and SST formats.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
