Exporting Certificate Stores with Powershell

I recently ran into an issue where I needed to export the contents of my Intermediate Root Certificate Authority store and because this is such a manually effort with over 100 certificates, I turned to Powershell and found a very easy method of doing so and thought I would share.

First, we are going to pull the contents of the certificate store.

$certs = (Get-ChildItem -Path "Cert:\LocalMachine\CA" -Recurse)

This command will allow us to traverse the certificate store as if it were a file directory, storing all contents in an array inside of the $certs variable.

Once we have this information, its time to slice it up.

First, I need something to call these certificates.

109F1CAED645BB78B3EA2B94C0697C740733031C  CN=Microsoft Windows Hardware Compatibility, OU=Microsoft....

This output isn’t exactly friendly so lets do some string manipulation.


This is my shorthand version which translates to…

$subject = ($cert.SubjectName.Name).Split(',') #finds the "," and breaks into chunks

$subject = (([String]$subject[0].Split('='))[1]

PS C:\windows\system32> (((($cert.SubjectName.Name).Split(','))[0]).Split('='))[1]

Microsoft Windows Hardware Compatibility

As you can see, this makes much more sense and is much easier to read.  Now I’m going to do the same thing with the certificate thumbprint as this will be unique even when the certificate name is not.

PS C:\windows\system32>         $thumb = ($cert.Thumbprint).Substring(0,9)

PS C:\windows\system32> $thumb

This gives us a nice 10 digit hash that we will use later.  Next, I will create a way of naming these files to avoid confusion and make the export very clean and easy to follow.

 $file = $subject + "." + $thumb + ".cer"

PS C:\windows\system32> $file
Microsoft Windows Hardware Compatibility.109F1CAED.cer


The last part of this includes exporting all of the certificates to files in a folder.  The full script is shown below.

$certs = (Get-ChildItem -Path Cert:\LocalMachine\CA -Recurse)
foreach ($cert in $certs)
        $subject = (((($cert.SubjectName.Name).Split(','))[0]).Split('='))[1]
        $thumb = ($cert.Thumbprint).Substring(0, 9)
        $file = $subject + "." + $thumb + ".cer"
        Export-Certificate -Type CERT -Cert $cert -FilePath "<FOLDERPATH>" -NoClobber
        "$($file) cannot be exported"



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s