Export Certificate with private key including all certificates in path using powershell

Problem description

I am working on a PowerShell script to export a certificate with its private key, which also includes all the certificates in the path. I wrote a script for that, but it is not including the certificates in the path or the root certificate. Below is the script. Kindly suggest if there are any changes to make in my script. Thanks in advance.

$Password="@de08nt2128"; #password to access certificate after exporting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate

$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"

$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");

    $CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    # The PFX content type is a member of the X509ContentType enum
    $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText

    $bytes = $CertToExport.export($type, $SecurePassword)
    [System.IO.File]::WriteAllBytes($CertDestPath, $bytes)

}
"Completed" 

Recommended answer

Updated script to export all certificates matching a particular name and issuer (along with the private key). Make sure you run this with admin privileges:

# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"

$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    # Destination Certificate Name should be CN.
    # Since subject contains CN, OU and other information,
    # extract only up to the next comma (,)
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
    # A subject that is only "CN=name" has no comma; IndexOf returns -1 and Substring would throw
    if ($DestCertName.IndexOf(",") -ge 0) {
        $DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));
    }

    $CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText

    # Export PFX certificate along with private key
    Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
}

Updates from your script

  • For the check $_.Issuer -eq "CN=$RootCertName" to work you will have to include OU, O, S information as well, so for it to work correctly I modified it to be $_.Issuer -Like "CN=$RootCertName*" so that it matches all Issuers whose name starts with the variable $RootCertName
  • Using $CertToExport.Subject.ToString().Replace("CN=","") for generating the pfx file name will cause the name to be of the format some-cert-name, OU=sometext, O=org, C=country.pfx, so it is better to restrict it up to the next comma (,), so I added $DestCertName.Substring(0, $DestCertName.IndexOf(","))
  • Finally using Export-PfxCertificate to export with private key
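
An added example, not part of the original answer: exporting one certificate together with its chain using Export-PfxCertificate -ChainOption BuildChain, prompting for the PFX password instead of embedding it in the script, and reading the file back with Get-PfxData to confirm which certificates it contains. The thumbprint and output path are placeholders assumed for this example.

```powershell
# Added example (not the answerer's code). Run from an elevated prompt.
# Assumptions: $Thumbprint and $OutFile are placeholders chosen for this example.
$Thumbprint = '<THUMBPRINT-OF-CERT-TO-EXPORT>'
$OutFile    = 'C:\DestinationFolder\export.pfx'

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in this store."
}

# Build the chain first so a missing intermediate or root is visible before export.
# A self-signed certificate (subject equals issuer) yields a single-element chain.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning "Chain problem: $($status.Status) $($status.StatusInformation.Trim())"
    }
}
$chainSubjects = $chain.ChainElements | ForEach-Object { $_.Certificate.Subject }
Write-Host "Chain as resolved on this machine:"
$chainSubjects | ForEach-Object { Write-Host "  $_" }

# Prompt for the PFX password so it is never stored in the script or its history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# BuildChain writes the issuing certificates alongside the end-entity certificate.
Export-PfxCertificate -Cert $cert -FilePath $OutFile `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# Read the file back and list what it actually contains.
$pfxData = Get-PfxData -FilePath $OutFile -Password $pfxPassword
Write-Host "End-entity certificates in PFX:"
$pfxData.EndEntityCertificates | ForEach-Object { Write-Host "  $($_.Subject)" }
Write-Host "Other (intermediate/root) certificates in PFX:"
$pfxData.OtherCertificates | ForEach-Object { Write-Host "  $($_.Subject)" }

# Flag a mismatch between the resolved chain and the exported file.
$exported = @($pfxData.EndEntityCertificates) + @($pfxData.OtherCertificates)
if ($exported.Count -lt @($chainSubjects).Count) {
    Write-Warning "PFX holds $($exported.Count) certificate(s); chain has $(@($chainSubjects).Count)."
}
```

The resulting .pfx holds the private key, so keep the destination folder readable only by the accounts that need it and delete the file once it has been imported at its destination.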
