Forum Discussion
h3rb3rt
Dec 16, 2021Copper Contributor
PowerShell Export-PfxCertificate Problem
Hello Community,
i have the following problem:
When i export my root-Certificate as cer with PowerShell and with certmgr i get completly the same content in my files.
BUT
My child-pfx-Certificate exported with crtmgr is smaller (4KB), than the same certificate exported with PowerShell (15KB).
I think the reason are missing options in Export-PfxCertificate
My Command is:
Get-ChildItem -Path $systemcertpath | Export-PfxCertificate -FilePath $childcert -NoProperties -Password $password
When i export with crtmgr i have 4 checkboxes (first and last checked):
- Including all certificates in the certification path if possible
- Delete the private key if the export is successful
- Export all extended properties
- Enable certificate privacy
I think with "-NoProperties" i disable the Export of all extended properties (third Checkbox), but im not sure.
Why my exported Certificates are not equal? How to solve this?
Best regards and thanks for your help!
- Hello, how are you?
How many certificates "Get-ChildItem -Path $systemcertpath" is outputting? it seems it is probably more than one certificate there, but you need only one, right?
I used this and I got the same certificate size both with mmc and Ps
Get-ChildItem -Path cert:\LocalMachine\my\327911063683D218873824A150B695F3875F8A38 | Export-PfxCert
ificate -NoProperties -ChainOption EndEntityCertOnly -Password $mypwd -FilePath C:\Users\Desktop\qaz321.pfx
- Hello
Exactly as you thought, -NoProperties description confirms
"Specifies whether the extended properties for a certificate are exported. If this parameter is specified, then extended properties are not included with the export. By default, all extended properties are included in the exported file."
Are they equal if you remove -NoProperties?- h3rb3rtCopper ContributorThanks for your answer!
When i remove -NoProperties, i get another file, but still not a copy of my pfx exported with crtmgr.
In addition i did not check "Export all extended properties" in crtmgr, so i will need "-NoProperties".
I specified the -CryptoAlgorithmOption, but it should be useless because TripleDES_SHA1 is the default Value.
I specified the -ChainOption with value BuildChain. I think thats the equivalent of my checked checkbox "Including all certificates in the certification path if possible" in crtmgr.
Still my pfx from PowerShell is much bigger, than my pfx from crtmgr.
Get-ChildItem -Path $systemcertpath | Export-PfxCertificate -FilePath $childcert -NoProperties -CryptoAlgorithmOption TripleDES_SHA1 -ChainOption BuildChain -Password $password- Hello, how are you?
How many certificates "Get-ChildItem -Path $systemcertpath" is outputting? it seems it is probably more than one certificate there, but you need only one, right?
I used this and I got the same certificate size both with mmc and Ps
Get-ChildItem -Path cert:\LocalMachine\my\327911063683D218873824A150B695F3875F8A38 | Export-PfxCert
ificate -NoProperties -ChainOption EndEntityCertOnly -Password $mypwd -FilePath C:\Users\Desktop\qaz321.pfx