Windows – Export installed certificate and private key from a command line remotely in Windows using something besides the certmgr.MSC tool

Tags: certificate, script, ssl, windows

I need to be able to remotely export an installed computer certificate with the full certificate chain and private keys on a Windows server.
The cert is used for IIS, and I want to use it for an apache instance running on the same server.

I know how to do this manually with the certmgr.MSC MMC snap-in tool, but how can this be done from a command line or from a remote machine on the same domain?

I also know how to view just the certificate with openssl s-client. Can that be used to save both the certificate and private key for importing to a Java keystore file?

Certmgr via RDP is too slow for what I need. I need a scripting solution.

My environment is all Windows Server 2008 R2. PowerShell remoting is not on, but I can get it on.

I have confirmed that I cannot use the PowerShell Export-PfxCertificate, because my servers are not new enough…

So, if I can use PowerShell to get the thumbprint of the certificate I want, I can then feed it to the "certutil -exportpfx" command. I have confirmed that will work.

How do I dir the certificate store like, "dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey } | " AND then feed that to the certutil export with the thumbprint?

OR, could I do the dir first and tell it to only print out the thumbprint and not the whole thing? Then save that to a file, read the file, and build the certutil command from it?

Best Answer

See Stack Overflow question Export certificate from IIS using PowerShell.

If the answer works for you, then you can run the PowerShell code on the remote server using PSRemoting (Enter-PSSession or Invoke-Command) or psexec.

Does anyone know how to dir the cert store like, "dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey } | " AND then feed that to the certutil export with the thumbprint?

Try this, works for me:

Get-ChildItem -Path 'Cert:\localmachine\My' |
    Where-Object { $_.HasPrivateKey } |        # keep only certs whose private key is present
    ForEach-Object {
        # certutil defaults to the LocalMachine store; -p sets the PFX password,
        # the thumbprint selects the cert, and the last argument is the output file
        & certutil.exe @('-exportpfx', '-p', 'secret', $_.Thumbprint, "$($_.Subject).pfx")
    }

Beware that sometimes you won't be able to use the Subject as the file name, because of foreign-language Unicode characters that are invalid in file names.
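Putting the two halves of the answer together (the certutil pipeline and PSRemoting), here is an added example that is not from the original answer. It runs the export on the remote server with Invoke-Command, names the PFX by thumbprint so the file name never depends on the Subject string, checks certutil's exit code, and brings the PFX bytes back over the session instead of leaving a copy of the private key in the server's temp directory. The server name, subject filter, password and local output directory are assumptions; replace them with your own.

```powershell
# Added example (not from the original answer): export a LocalMachine cert with
# its private key from a remote server via PSRemoting + certutil -exportpfx.
# Assumed values, adjust for your environment:
$Server      = 'web01.example.local'       # assumption: the IIS server
$SubjectLike = 'CN=www.example.local*'     # assumption: matches the IIS cert
$PfxPassword = 'ChangeMe-export-pw'        # assumption: use a real secret
$LocalDir    = 'C:\certs'                  # assumption: where the PFX lands

$remote = Invoke-Command -ComputerName $Server -ArgumentList $SubjectLike, $PfxPassword -ScriptBlock {
    param($SubjectLike, $PfxPassword)

    # Same pipeline as the answer, narrowed to one subject so only the wanted cert is exported.
    $certs = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.HasPrivateKey -and $_.Subject -like $SubjectLike }

    if (-not $certs) { throw "No certificate with a private key matches '$SubjectLike'" }

    foreach ($cert in $certs) {
        # The thumbprint is plain hex, so it is always a valid file name.
        $pfxPath = Join-Path $env:TEMP "$($cert.Thumbprint).pfx"

        # certutil defaults to the LocalMachine store; -exportpfx includes the chain
        # unless the NoChain modifier is given. Fails if the key is not exportable.
        & certutil.exe -exportpfx -p $PfxPassword $cert.Thumbprint $pfxPath | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "certutil -exportpfx failed for $($cert.Thumbprint) (exit $LASTEXITCODE); is the private key exportable?"
        }

        # Read the PFX into memory, delete the temp file, and return the bytes to the caller.
        $bytes = [System.IO.File]::ReadAllBytes($pfxPath)
        Remove-Item -Path $pfxPath -Force
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Bytes      = $bytes
        }
    }
}

if (-not (Test-Path $LocalDir)) { New-Item -ItemType Directory -Path $LocalDir | Out-Null }
foreach ($item in $remote) {
    $out = Join-Path $LocalDir "$($item.Thumbprint).pfx"
    [System.IO.File]::WriteAllBytes($out, $item.Bytes)
    Write-Host "Exported $($item.Subject) (expires $($item.NotAfter)) to $out"
}
```

This needs PSRemoting enabled on the server (Enable-PSRemoting, which the question says is possible); if that is not an option, the script block's body can be run through psexec instead. certutil can only export the key if it was marked exportable when the certificate was installed; if it refuses, the certificate has to be re-requested with an exportable key. The resulting PFX holds the private key, so keep the file and its password under the same controls as the key itself. For the Java keystore mentioned in the question, a PFX is a PKCS#12 file and can be imported directly with `keytool -importkeystore -srckeystore <thumbprint>.pfx -srcstoretype PKCS12 -destkeystore <keystore>.jks`.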
