Move certificates between certificate stores

APPLIES TO: no-img-13 2013 no-img-16 2016 no-img-19 2019 yes-img-se Subscription Edition no-img-sop SharePoint in Microsoft 365

SharePoint supports moving certificates between certificate stores using the Move-SPCertificate PowerShell cmdlet.

Move-SPCertificate [-Identity] <SPServerCertificatePipeBind> -NewStore {Default | EndEntity | Intermediate | Root} [-Force]

The cmdlet parameters are:

Parameter	Description
Identity	The certificate to move.
NewStore (Default / EndEntity / Intermediate / Root)	The certificate store to move the certificate to. If Default is specified, SharePoint will automatically select the appropriate certificate store for the certificate.
Force	Specifies that the certificate should be moved to a different certificate store, even if the certificate is currently assigned to SharePoint objects. If this parameter is specified, any existing assignments of the certificate are cleared. If this parameter isn't specified and the certificate is assigned to a SharePoint object, the operation will fail.

Example cmdlet syntax:

Move-SPCertificate -Identity "Contoso SharePoint (2020)" -NewStore EndEntity

Additional resources