CODEWITHSUNDEEP
powershellcertificatewindows-server-2016pfx
Mike Christensen
Mike Christensen

Reputation: 91696

Import-PfxCertificate no-ops, but no error or anything

I'm trying to import a PFX file into the local certificate store. However, Import-PfxCertificate just does nothing at all. No return value, no error, nothing:

enter image description here

I can double click on the PFX file in Explorer and import it with the same password, which works. Something about the PowerShell CmdLet isn't working. I've also tried other stores, such as Cert:\LocalMachine\My and TrustedPeople. Running it with -Verbose -Debug doesn't show anything extra. Nothing in the Application or Security event logs either. I'm also running as an admin. Ideas?

Upvotes: 2

Views: 1548

Answers (1)

lloyd
lloyd

Reputation: 1811

The Pfx file might have a cert chain. Treating it as a collection would be a better way of handling the certificate store. See installing cert chain for the C# this was based off;

[string] $certPath = '.\test.pfx';
[string] $certPass = 'MyPassword';

# Create a collection object and populate it using the PFX file
$collection = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new();
$collection.Import($certPath, $certPass,  [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet);

try {
    # Open the Store My/Personal
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('My');
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite);

    foreach ($cert in $collection) {
        Write-Host ("Subject is: '{0}'" -f  $cert.Subject  )
        Write-Host ("Issuer is:  '{0}'" -f  $cert.Issuer  )

        # Import the certificate into an X509Store object
        # source https://support.microsoft.com/en-au/help/950090/installing-a-pfx-file-using-x509certificate-from-a-standard-net-applic

        if ($cert.Thumbprint -in @($store.Certificates | % { $_.Thumbprint } )) {
            Write-Warning "Certificate is already in the store"
            # Force the removal of the certificate so we have no conflicts, not required if this is the first install    
            $store.Remove($cert)
        }
        # Add in the certificate 
        $store.Add($cert);
    }
} finally {
    if($store) {
        # Dispose of the store once we are done
        $store.Dispose()
    }
}

Upvotes: 1

Related Questions