Exporting Certificate With Private Key

by Oct 20, 2009

Certificates are digital identities, and when you already own the private key to a certificate, you own this identity. You can then use these certificates to sign e-mail or PowerShell scripts. To prevent personal certificates from getting lost, you should export them to pfx files and re-import them in case your machine breaks down or if you are switching machines.

First, let's see how to find certificates that you have already have the private key for. Use this to find all such certificates in your personal store:

dir cert:\currentuser\my | Where-Object { $_.hasPrivateKey }

Try this to see all machine certificates (provided you are Admin):

dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey }

For example, if you want to copy the certificate to another computer to use it there or as a backup, you should export a certificate with a private key by first grabbing it by adding a where-object clause to identify it. Or, you can export and backup all certificates in one line:

dir cert:\currentuser\my |
Where-Object { $_.hasPrivateKey } |
Foreach-Object { [system.IO.file]::WriteAllBytes(
($_.Export('PFX', 'secret')) ) }

This will export all of your personal certificates, including private key to pfx-files in your user profile. Each file uses the certificate thumbprint as its file name.

Before you can re-import such pfx-files by double-clicking them, you will be prompted for a security password so unauthorized persons cannot steal your identities. While the line has set this password to 'secret,' you should, of course, choose a stronger one.

Twitter This Tip! ReTweet this Tip!