Powershell generated pfx file password problem

Question

i have followed msdn article to generate pfx file using powershell. so i have executed sequentially

New-SelfSignedCertificate -Type Custom -Subject "CN=Contoso Software, O=Contoso Corporation, C=US" -KeyUsage DigitalSignature -FriendlyName "Your friendly name goes here" -CertStoreLocation "Cert:\CurrentUser\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")

$pwd = ConvertTo-SecureString -String mypassword -Force -AsPlainText 
Export-PfxCertificate -cert "Cert:\CurrentUser\My\<Certificate Thumbprint>" -FilePath mycert.pfx -Password $pwd

So far everything is good but when i try to get the pfx certificate using comman below. it prompts to enter the password I used. i am trying exact same password as "mypassword" but it returns error below

 Get-PfxCertificate -FilePath mycert.pfx

Get-PfxCertificate : The specified network password is not correct. At line:1 char:1

I am trying to create a build pipeline on azure devops using this certificate and password but azure pipeliness gives me the same error message.

If i create a pfx file using Visual Studio 2019, Get-PfxCertificate with the password i give, works fine. But Azure pipeliness returns another error.

So my questions are,

1. what is the difference creating pfx file using Visual Studio 2019 vs PowerShell? why VS 2019 generated pfx doesnt work.

2. why Get-PfxCertificate doesnt accept the password i use to generate?

Regarding 2nd issue I thought that it might be something to do with plaintext vs SecureString. thats why I tried below command as well as stated in the docs. It tells me that -password is not recognized.

   $pwd = ConvertTo-SecureString -String mypassword -Force -AsPlainText 
   Get-PfxCertificate -FilePath mycert.pfx -Password $pwd -NoPromptForPassword

Error:

Get-PfxCertificate : A parameter cannot be found that matches parameter name 'Password'.
At line:2 char:60

Answer 1

i just want to give an answer for anyone else having this silly problem i had. If you use signs like $ in powershell without using apostrophes or double quotes, generation is still valid and you get pfx file but password is different than what you set :) thats why azure devops is returning this error

Answer 2

1. As far as i know there should not be much of a difference but to be honest i am not quite sure as to how it is done exactly in VS

2. The "-Password" parameter for the Get-PFXCertificate cmdlet was only added in PS version 6.1+ maybe check the version you are using in Azure because i had the same problem locally and it was because i was on 5.1

Answer 3

I don't know about 1, but for 2, shouldn't you be using a capital P for the -Password command? See the Powershell page: Get-Pfx​Certificate for reference, which states the following;

Get-PfxCertificate
   -LiteralPath <String[]>
   [-Password <SecureString>]
   [-NoPromptForPassword]
   [<CommonParameters>]

If the issue remains, obviously something else is going on, but I'd try this first, to see if maybe it just doesn't recognise the command because of this.