Instantiate Microsoft Certificate Authority management interface using powershell

Microsoft’s Certificate Authority management interface as mentioned in is implemented in certadm.dll. certadm.dll does not ship by default on client systems; it is part of the admin pack (also called Remote Server Administration Tools), which can be installed on the client system. Once installed, you can quickly test the interface using PowerShell with this sample…

Generating a certificate (self-signed) using powershell and CertEnroll interfaces

In this article I will explore using the CertEnroll interfaces to create certificates for testing and local use. To scope the discussion, we will look at the various options exposed by the makecert.exe tool ( . We will start by looking at a sample PowerShell script that creates a self-signed machine certificate that has the “server auth” EKU:

    $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
    $name.Encode("CN=TestServer", 0)
    $key…


Adding certificates for a serialized store (sst) file to an actual physical store

In my previous post I used the CMS type to open a PKCS7. Apparently the X509Certificate2Collection Import method can also be used to open a PKCS7. This would be far simpler than using CMS. Additionally, you might be asked to add the certificates you obtained from a PKCS7 file or a serialized store (sst) file to an…


PKCS7 (p7b) bag of certificates and powershell

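Recently I was asked how to extract the certificates within a PKCS7 (p7b) file using PowerShell. After a little research the following seems to work fine:

    # Load the assembly that contains the System.Security.Cryptography.Pkcs types
    [reflection.assembly]::LoadWithPartialName("System.Security")
    # Read the raw PKCS7 bytes from disk
    $data = [System.IO.File]::ReadAllBytes("certificates.p7b")
    # The type name is missing here in the source; SignedCms is assumed, as it is the CMS type that decodes a p7b
    $cms = new-object System.Security.Cryptography.Pkcs.SignedCms
    $cms.Decode($data)
    # Emit each certificate in the bag as an X509Certificate2 object
    $cms.Certificates | foreach {New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_} | echo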