powershell - 使用Powershell导出包含私钥的证书，包括路径中的所有证书

Question

我正在使用Power Shell脚本导出带有私钥的证书，该私钥还包括路径中的所有证书。我为此写了一个脚本，它不包括路径中的证书或根证书。下面是脚本。如果我的脚本有任何更改，请建议我。
提前致谢。

$Password="@de08nt2128"; #password to access certificate after expting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate

$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"

$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");

    $CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    $type = [System.Security.Cryptography.X509Certificates.X509Certificate]::pfx
    $SecurePassword = ConvertTo-SecureString -String $Password -Force –AsPlainText

    $bytes = $CertToExport.export($type, $SecurePassword)
    [System.IO.File]::WriteAllBytes($CertDestPath, $bytes)

}
"Completed" 

Answer 1

更新了脚本以导出与特定名称和颁发者匹配的所有证书(以及私钥)。确保使用管理员权限运行此命令:

# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"

$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ?{ $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*" }

foreach($CertToExport in $CertListToExport | Sort-Object Subject)
{
    # Destination Certificate Name should be CN. 
    # Since subject contains CN, OU and other information,
    # extract only upto the next comma (,)
    $DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
    $DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));

    $CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"

    $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText

    # Export PFX certificate along with private key
    Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
}

您的股票的更新

为了使$_.Issuer -eq "CN=$RootCertName"检查正常工作，您还必须包括OU，O，S信息，以便使其正常工作，因此我将其修改为$_.Issuer -Like "CN=$RootCertName*"，以便它与所有以变量$RootCertName开头的发行人名称相匹配

使用$CertToExport.Subject.ToString().Replace("CN=","")生成pfx文件名将导致该名称的格式为some-cert-name, OU=sometext, O=org, C=country.pfx，因此最好限制下一个逗号(，)，因此我添加了$DestCertName.Substring(0, $DestCertName.IndexOf(","))

最后使用Export-PfxCertifcate通过私钥

导出