使用Powershell导出包含私钥的证书，包括路径中的所有证书 [英] Export Certificate with private key including all certificates in path using powershell

问题描述

我正在使用Power Shell脚本来导出带有私钥的证书，该私钥还包括路径中的所有证书。我为此写了一个脚本，它不包含路径中的证书或根证书。下面是脚本。如果我的脚本有任何更改，请建议我。
提前谢谢。

I am working on power shell script to export certificate with private key which also includes all the certificates in the path. I wrote a script for that, it is not including the certificates in the path or the root certificate. Below is script. Kindly suggest me if there is any changes to make in my script. Thanks in Advance.

$Password="@de08nt2128"; #password to access certificate after expting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate

$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"

$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");

    $CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    $type = [System.Security.Cryptography.X509Certificates.X509Certificate]::pfx
    $SecurePassword = ConvertTo-SecureString -String $Password -Force –AsPlainText

    $bytes = $CertToExport.export($type, $SecurePassword)
    [System.IO.File]::WriteAllBytes($CertDestPath, $bytes)

}
"Completed" 

推荐答案

更新脚本以导出与特定名称和颁发者匹配的所有证书（以及私钥）。确保使用管理员权限运行此程序：

Updated script to export all certificates matching a particular name and issuer (along with the private key). Make sure you run this with admin privileges:

# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"

$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    # Destination Certificate Name should be CN. 
    # Since subject contains CN, OU and other information,
    # extract only upto the next comma (,)
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
    $DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));

    $CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText

    # Export PFX certificate along with private key
    Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
}

从您的履历中更新

• 支票 $ _。Issuer -eq CN = $ RootCertName 要工作，您还必须包括OU，O，S信息，以便使其正常工作，因此我将其修改为 $ _。Issuer-像 CN = $ RootCertName * ，以便匹配所有以变量 $ RootCertName


• 使用 $ CertToExport.Subject.ToString（）。Replace（ CN =，）生成pfx文件名称将导致名称的格式为 some-cert-name，OU = sometext，O = org，C = country.pfx ，因此更好限制下一个逗号（，），所以我添加了 $ DestCertName.Substring（0，$ DestCertName.IndexOf（，））


• 最后使用 Export-PfxCertifcate 导出私钥

• For the check $_.Issuer -eq "CN=$RootCertName" to work you will have to include OU, O, S information as well so for it to work correctly so I modified it to be $_.Issuer -Like "CN=$RootCertName*" so that it matches all Issuer's who's name starts with variable $RootCertName
• Using $CertToExport.Subject.ToString().Replace("CN=","") for generating pfx file name will cause the name to be of the format some-cert-name, OU=sometext, O=org, C=country.pfx so it is better to restrict upt o the next comma (,) so I added $DestCertName.Substring(0, $DestCertName.IndexOf(","))
• Finally using Export-PfxCertifcate to export with private key

这篇关于使用Powershell导出包含私钥的证书，包括路径中的所有证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！