在Windows上不使用OpenSSL从pfx文件或证书存储中提取私钥 [英] Extract private key from pfx file or certificate store WITHOUT using OpenSSL on Windows

问题描述

正如标题所示，我想不使用OpenSSL导出我的私钥。如果我需要 .cer 文件或 .pfx 文件，则可以通过MMC或PowerShell <$ c $轻松导出这些文件c> pkiclient ，但我找不到获取私钥的方法。

类似于MMC证书中的证书导出向导，仅在包含密钥的情况下才导出到 .pfx 。

解决方案

尝试如下操作：

  $ mypwd = ConvertTo-SecureString -String MyPassword -Force -AsPlainText 
 $ mypfx = Get-PfxData -FilePath C：\Users\oscar\Desktop\localhost.pfx -Password $ mypwd 
 Export-PfxCertificate -PFXData $ mypfx -FilePath C ：\用户\oscar\桌面sklocalhost.pfx-密码$ NewPwd 
  

As the title suggests I would like to export my private key without using OpenSSL. If I need a .cer file or .pfx file I can easily export these via MMC or PowerShell pkiclient but I can't find a way to get the private key.

https://docs.microsoft.com/en-us/powershell/module/pkiclient/export-certificate?view=win10-ps

Using an online tool like https://www.sslshopper.com/ssl-converter.html is not OK.

PSVersion:

PS C:\Users\oscar> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17134.228
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.228
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

I can get the public key like this:

(Get-PfxCertificate -FilePath C:\Users\oscar\Desktop\localhost.pfx).GetPublicKey()

And export the entire certificate like this:

(Get-PfxCertificate -FilePath C:\Users\oscar\Desktop\localhost.pfx).GetRawCertData()

Result from

PS C:\Users\oscar> $mypwd = ConvertTo-SecureString -String "MyPassword" -Force -AsPlainText
PS C:\Users\oscar> $mypfx = Get-PfxData -FilePath C:\Users\oscar\Desktop\localhost.pfx -Password $mypwd
PS C:\Users\oscar> $mypfx

OtherCertificates EndEntityCertificates
----------------- ---------------------
{}                {[Subject]...


PS C:\Users\oscar> $mypfx.EndEntityCertificates

Thumbprint                                Subject
----------                                -------
8ED4971564E35099D6DB490C3756E2AD43AAAAAA  CN=localhost

Tested the command from @Brad but I got the error below.

Private key is NOT plain text exportable

certutil -exportPFX -p "myPassword" -privatekey -user my <Certificate Serial Number> C:\localhost.pfx

Similar to Certificate Export Wizard in MMC certificates, only export to .pfx available if the key is included.

解决方案

Try something like this:

$mypwd = ConvertTo-SecureString -String "MyPassword" -Force -AsPlainText
$mypfx = Get-PfxData -FilePath C:\Users\oscar\Desktop\localhost.pfx -Password $mypwd
Export-PfxCertificate -PFXData $mypfx -FilePath C:\Users\oscar\Desktop\localhost.pfx -Password $NewPwd

这篇关于在Windows上不使用OpenSSL从pfx文件或证书存储中提取私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！