
Export Certificate with private key including all certificates in path using powershell


Updated script to export all certificates matching a particular name and issuer (along with the private key). Make sure you run this with admin privileges:

    # Script to export certificate from LocalMachine store along with private key
    $Password = "@de08nt2128"; # password to access certificate after exporting
    $CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
    $RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
    $ExportPathRoot = "C:\DestinationFolder"

    $CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }

    foreach($CertToExport in $CertListToExport | Sort-Object Subject)
    {
        # Destination Certificate Name should be CN.
        # Since subject contains CN, OU and other information,
        # extract only up to the next comma (,)
        $DestCertName = $CertToExport.Subject.ToString().Replace("CN=","");
        # A subject that is only "CN=name" has no comma; IndexOf returns -1
        # and Substring would throw, so only trim when a comma is present
        if ($DestCertName.IndexOf(",") -ge 0)
        {
            $DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));
        }

        $CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

        $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText

        # Export PFX certificate along with private key
        Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
    }

Updates from your script

  • For the check $_.Issuer -eq "CN=$RootCertName" to work correctly you will have to include OU, O, S information as well, so I modified it to be $_.Issuer -Like "CN=$RootCertName*" so that it matches all Issuers whose name starts with variable $RootCertName
  • Using $CertToExport.Subject.ToString().Replace("CN=","") for generating the pfx file name will cause the name to be of the format some-cert-name, OU=sometext, O=org, C=country.pfx, so it is better to restrict it up to the next comma (,), so I added $DestCertName.Substring(0, $DestCertName.IndexOf(","))
  • Finally using Export-PfxCertificate to export with private key
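
A follow-up check for the files the script produces, added here as an example and not part of the original answer: it reads each exported .pfx with Get-PfxData, reports how many chain certificates were bundled with the leaf, confirms the thumbprint still matches the store, and restricts the file's ACL. The folder is the one used in the script; the function name Test-ExportedPfx is hypothetical, and the password is prompted for instead of being stored in the script.

```powershell
# Added example (not from the original answer): verify exported PFX files
# and restrict who can read them. Run elevated on the machine that exported them.
$ExportPathRoot = "C:\DestinationFolder"   # same folder as the export script

# Prompt for the PFX password rather than keeping it in the script text
$SecurePassword = Read-Host -Prompt "PFX password" -AsSecureString

# Hypothetical helper: summarise one PFX without importing it into a store
function Test-ExportedPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $Pfx  = Get-PfxData -FilePath $Path -Password $Password
    $Leaf = $Pfx.EndEntityCertificates | Select-Object -First 1
    # Issuer and root certificates bundled with the leaf ("certificates in path")
    $Chain = @($Pfx.OtherCertificates | Where-Object { $_ })
    [pscustomobject]@{
        File         = Split-Path -Path $Path -Leaf
        Subject      = $Leaf.Subject
        Thumbprint   = $Leaf.Thumbprint
        NotAfter     = $Leaf.NotAfter
        SelfSigned   = ($Leaf.Subject -eq $Leaf.Issuer)
        ChainCerts   = $Chain.Count
        ChainSubject = $Chain.Subject -join " | "
        # True when the certificate with this thumbprint is still in LocalMachine\My
        MatchesStore = Test-Path -Path "Cert:\LocalMachine\My\$($Leaf.Thumbprint)"
    }
}

foreach ($File in Get-ChildItem -Path $ExportPathRoot -Filter *.pfx) {
    Test-ExportedPfx -Path $File.FullName -Password $SecurePassword

    # The PFX holds a private key: drop inherited ACEs and allow only
    # BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18)
    icacls $File.FullName /inheritance:r /grant:r "*S-1-5-32-544:(F)" "*S-1-5-18:(F)" | Out-Null
}
```

A self-signed certificate (Subject equal to Issuer, as with the WMSvc name used above) is expected to report ChainCerts as 0; a CA-issued certificate reporting 0 means the issuing certificates were not available when the export built its chain.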