SOLVED

PowerShell Export-PfxCertificate Problem


Hello Community,

 

I have the following problem:

 

When I export my root certificate as cer with PowerShell and with certmgr, I get completely the same content in my files.

 

BUT

 

My child pfx certificate exported with certmgr is smaller (4KB) than the same certificate exported with PowerShell (15KB).

 

I think the reason is missing options in Export-PfxCertificate.

My command is:

Get-ChildItem -Path $systemcertpath | Export-PfxCertificate -FilePath $childcert -NoProperties -Password $password

 

When I export with certmgr I have 4 checkboxes (first and last checked):

 

  • Including all certificates in the certification path if possible
  • Delete the private key if the export is successful
  • Export all extended properties
  • Enable certificate privacy

 

I think with "-NoProperties" I disable the export of all extended properties (third checkbox), but I'm not sure.

 

Why are my exported certificates not equal? How can I solve this?

 

Best regards and thanks for your help!

 

 

5 Replies
Hello
Exactly as you thought, the -NoProperties description confirms:

"Specifies whether the extended properties for a certificate are exported. If this parameter is specified, then extended properties are not included with the export. By default, all extended properties are included in the exported file."

Are they equal if you remove -NoProperties?
Thanks for your answer!

When I remove -NoProperties, I get another file, but still not a copy of my pfx exported with certmgr.

In addition, I did not check "Export all extended properties" in certmgr, so I will need "-NoProperties".

I specified the -CryptoAlgorithmOption, but it should be useless because TripleDES_SHA1 is the default value.
I specified the -ChainOption with value BuildChain. I think that's the equivalent of my checked checkbox "Including all certificates in the certification path if possible" in certmgr.

Still, my pfx from PowerShell is much bigger than my pfx from certmgr.


Get-ChildItem -Path $systemcertpath | Export-PfxCertificate -FilePath $childcert -NoProperties -CryptoAlgorithmOption TripleDES_SHA1 -ChainOption BuildChain -Password $password
best response confirmed by h3rb3rt (Copper Contributor)
Solution
Hello, how are you?

How many certificates is "Get-ChildItem -Path $systemcertpath" outputting? It seems there is probably more than one certificate there, but you need only one, right?

I used this and I got the same certificate size with both mmc and PS:

Get-ChildItem -Path cert:\LocalMachine\my\327911063683D218873824A150B695F3875F8A38 | Export-PfxCertificate -NoProperties -ChainOption EndEntityCertOnly -Password $mypwd -FilePath C:\Users\Desktop\qaz321.pfx
Shame on me,

you are totally right. It's more than one certificate there, and I referenced just the cert folder, not the cert itself. Small fault, big effects. Now fixed -> file is much smaller. It's still not the same, but I will try if it will work.

Thank you so much for your eye-opening help!
Glad to hear h3rb3rt!
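
The fix from this thread as an added example (not code posted by any participant): select exactly one certificate by thumbprint, export it, then read the PFX back to confirm how many certificates it actually contains. The function name `Export-SinglePfx`, its parameter names and the sample values in the usage comment are assumptions made for illustration.

```powershell
# Added example. Function and parameter names are hypothetical.
function Export-SinglePfx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $StorePath,   # a store folder, e.g. Cert:\LocalMachine\My
        [Parameter(Mandatory)] [string]       $Thumbprint,  # the one certificate to export
        [Parameter(Mandatory)] [string]       $OutFile,
        [Parameter(Mandatory)] [securestring] $Password
    )

    # A store folder can hold several certificates. Count them first so it is
    # obvious what piping the bare folder into Export-PfxCertificate would send.
    $all = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] })
    Write-Verbose "$StorePath contains $($all.Count) certificate(s)"

    # Refuse to continue unless the thumbprint resolves to exactly one certificate.
    $match = @($all | Where-Object { $_.Thumbprint -eq $Thumbprint })
    if ($match.Count -ne 1) {
        throw "Expected exactly one certificate with thumbprint $Thumbprint, found $($match.Count)."
    }

    # Same switches as the accepted answer: no extended properties, no chain.
    Export-PfxCertificate -Cert $match[0] -FilePath $OutFile -Password $Password `
        -NoProperties -ChainOption EndEntityCertOnly | Out-Null

    # Read the file back and report what is really inside it.
    $pfx = Get-PfxData -FilePath $OutFile -Password $Password
    $certs = @($pfx.EndEntityCertificates) + @($pfx.OtherCertificates)
    [pscustomobject]@{
        File           = $OutFile
        SizeBytes      = (Get-Item -Path $OutFile).Length
        EndEntityCerts = @($pfx.EndEntityCertificates).Count
        OtherCerts     = @($pfx.OtherCertificates).Count
        Thumbprints    = @($certs | ForEach-Object { $_.Thumbprint })
    }
}

# Usage (placeholder values, replace with your own):
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Export-SinglePfx -StorePath Cert:\LocalMachine\My -Thumbprint '<THUMBPRINT>' `
#       -OutFile C:\Temp\child.pfx -Password $pw -Verbose
```

With `-ChainOption EndEntityCertOnly` the report should show one end-entity certificate and no others; any additional thumbprints mean the file carries more than the certificate that was intended for export.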