In the previous tip we explained how you can create self-signed code-signing certificates in Windows 10 and Server 2016 (and better). Today, let’s take a look at how you can export such certificates to a password protected file, and reuse the certificates on a different machine.

Let’s assume you have created a new code-signing certificate in your personal certificate store, or there is a code-signing certificate present in your certificate store from other sources. This code will export the certificate to a PFX file located on your desktop:

# this password is required to be able to load and use the certificate later
$Password = Read-Host -Prompt 'Enter Password' -AsSecureString
# certificate will be exported to this file
$Path = "$Home\Desktop\myCert.pfx"

# certificate must be in your personal certificate store
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
          Out-GridView -Title 'Select Certificate' -OutputMode Single
$cert | Export-PfxCertificate -Password $Password -FilePath $Path

You are asked for a password. Since code-signing certificates are security-sensitive, the password is used to encrypt the certificate in the PFX file, and you’ll need to enter the password later when you load the certificate.

Next, a grid view window shows all code-signing certificates found in your personal certificate store. Choose the one you want to export.

Once the PFX file is created, you can load it with this line:

$cert = Get-PfxCertificate -FilePath $Path
$cert | Select-Object -Property *

Get-PfxCertificate will ask you for the password you set when you created the PFX file. Once the certificate is loaded, you can use it to sign files with Set-AuthenticodeSignature.


psconf.eu – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit www.psconf.eu There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU - with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at www.psconf.eu, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!

Anonymous