exporting certificate from user store to PFX using powershell

Alright, so today someone tried to contact me with an interesting email about exporting the certificate user store to PFX using powershell.  Below is the code that was contained in the email:


$cert = (dir cert:\currentuser\my)[0]

$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::pfx

$pass = read-host "pass" -assecurestring

$bytes = $cert.export($type, $pass)


so far so good. Last line of the code was:

[system.convert]::ToBase64String($bytes) > file.pfx

Now this is where things got interesting as for the resulting PFX, certificate import wizard  does not seem to accept the same password. Why?? The problem is that certificate import wizard does not seem to convert the base64 data back to binary. Now instead of converting to base64 if you were to use the binary data itself as in:

[System.IO.File]::WriteAllBytes("file.pfx", $bytes)

This works well with the certificate import wizard or other tools.

Comments (2)
  1. Just wanted to add that there is a whole set of PKI/certificate management cmdlets available in the free QAD cmdlets set:


  2. mike says:

    Try this:

    set-content -value $bytes -encoding byte -path "$fix.pfx"

Comments are closed.

Skip to main content