In the previous tip we created new code-signing test certificates both as pfx file and located in your certificate store. Today, you’ll see how you can load these (or any other certificates you got from other sources) into PowerShell.
To load a certificate from a pfx file, use Get-PfxCertificate:
$Path = "$home\desktop\tobias.pfx"
$cert = Get-PfxCertificate -FilePath $Path
$cert | Select-Object -Property *
Get-PfxCertificate will prompt you for the password you defined when the pfx file was created. Some pfx files do not use password protection or protect the certificate via your user account identity in which case no prompt appears.
If you need to automate loading pfx certificates, here is a function that accepts a password by argument, and can load certificates from pfx files unattended:
# get clear text password
$plaintextPassword = [PSCredential]::new("X", $Password).GetNetworkCredential().Password
$container = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$container.Import($FilePath, $plaintextPassword, 'PersistKeySet')
And this is how the function works:
PS C:\> $pwd = 'secret' | ConvertTo-SecureString -AsPlainText -Force
PS C:\> $path = "$home\desktop\tobias.pfx"
PS C:\> $cert = Load-PfxCertificate -FilePath $path -Password $pwd
PS C:\> $cert
When you look at the last line in Load-PfxCertificate, you can easily adapt the function to pfx files that contain more than one certificate. The function always returns the first certificate ($container), but you could as well pick any other index number.
Join our next tip to find out how to access certificates stored in your personal certificate store.
ReTweet this Tip!