Export Certificate with private key including all certificates in path using powershell
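I am using a PowerShell script to export a certificate with its private key, which should also include all the certificates in the path. I wrote a script for this, but it does not include the certificates in the path or the root certificate. Below is the script. Please suggest any changes needed in my script.
Thanks in advance.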
```powershell
$Password="@de08nt2128"; #password to access certificate after exporting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate
$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"
$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName" }
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
    $CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate]::pfx
    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
    $bytes = $CertToExport.export($type, $SecurePassword)
    [System.IO.File]::WriteAllBytes($CertDestPath, $bytes)
}
"Completed"
```
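Updated the script to export all certificates matching a particular name and issuer (along with the private key). Make sure you run it with administrator privileges: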
```powershell
# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"
$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    # Destination Certificate Name should be CN.
    # Since subject contains CN, OU and other information,
    # extract only up to the next comma (,)
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
    $DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));
    $CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
    # Export PFX certificate along with private key
    Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
}
```
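Updates to your script:
- For the check `$_.Issuer -eq "CN=$RootCertName"` to work, you would also have to include the OU, O, S information, so I modified it to `$_.Issuer -Like "CN=$RootCertName*"` so that it matches all issuer names that start with the variable `$RootCertName`.
- Using `$CertToExport.Subject.ToString().Replace("CN=","")` to generate the PFX file name results in a file name of the form `some-cert-name, OU=sometext, O=org, C=country.pfx`, so it is better to limit it up to the next comma (,), so I added `$DestCertName.Substring(0, $DestCertName.IndexOf(","))`.
- Finally, using `Export-PfxCertificate` to export the private key.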
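An added example, not part of the original question or answer: the same export with the chain requested explicitly, the password prompted for rather than stored in the script, and the resulting PFX read back to show which certificates it contains. The function name `Export-CertWithChain` and its parameter names are hypothetical; the certificate name and destination folder are the ones used on this page.

```powershell
#Requires -RunAsAdministrator
# Added example; Export-CertWithChain and its parameter names are hypothetical.
function Export-CertWithChain {
    param(
        [Parameter(Mandatory)] [string] $CertName,
        [Parameter(Mandatory)] [string] $IssuerName,
        [Parameter(Mandatory)] [string] $ExportPathRoot,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $invalid  = [System.IO.Path]::GetInvalidFileNameChars()

    $certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $_.Subject -like "*CN=$CertName*" -and $_.Issuer -like "CN=$IssuerName*"
    }
    foreach ($cert in $certs | Sort-Object Subject) {
        if (-not $cert.HasPrivateKey) {
            Write-Warning "Skipping $($cert.Thumbprint): no private key in the store."
            continue
        }
        # GetNameInfo returns the CN even when the subject has no comma,
        # a case where Substring(0, IndexOf(",")) throws.
        $baseName = $cert.GetNameInfo($nameType, $false)
        $baseName = -join ($baseName.ToCharArray() | Where-Object { $invalid -notcontains $_ })
        # The thumbprint suffix keeps two certificates with the same CN from overwriting each other.
        $pfxPath = Join-Path -Path $ExportPathRoot -ChildPath "$baseName-$($cert.Thumbprint).pfx"

        # BuildChain requests the issuing chain alongside the end-entity certificate.
        # The export fails if the private key was installed as non-exportable.
        Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $Password -ChainOption BuildChain | Out-Null

        # Read the file back and report what it actually contains.
        $pfx = Get-PfxData -FilePath $pfxPath -Password $Password
        [pscustomobject]@{
            File       = $pfxPath
            EndEntity  = @($pfx.EndEntityCertificates).Subject
            ChainCerts = @($pfx.OtherCertificates).Subject
        }
    }
}

# Prompt for the PFX password instead of storing it in the script.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-CertWithChain -CertName "WMSvc-WIN-9KC7DG31JBV" -IssuerName "WMSvc-WIN-9KC7DG31JBV" `
    -ExportPathRoot "C:\DestinationFolder" -Password $pfxPassword
```

For a self-signed certificate, where the issuer is the subject itself, expect `ChainCerts` to be empty because the certificate is its own root.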