This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 59%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOJ%3C/text%3E%3C/svg%3E)
Hi, good morning!
I have a list of 900 certificates in the Certification Authority (folder Issued Certificates). I would like to export each certificate in Base-64 X.509 by script in Power Shell, because in the GUI, I need to do one by one.
I have tried many commands and scripts to do this. All processes show me success, but when I try to open the certificate file, it shows me a message:
Invalid Public Key Object File
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Saying you've "tried many commands and scripts" without offering examples isn't very helpful.
Have you tried Export-PfxCertificate?
Do you expect to have the exported certificate contain the private key? For that you'll need the certificates password, and that may not be the same for all certs in the CA.
Hi @Oliveira Junior, Jose Ramos (SMO TK RYD SIG) ,
maybe this helps to get started (haven't tested the script because no CA available at the moment):
Import-Module ADCSAdministration
$caName = "Name of CA"
$outputDir = "C:\Certificates"
$caObj = Get-CertificationAuthority -Name $caName
$certs = Get-IssuedRequest -CertificationAuthority $caObj
foreach ($cert in $certs) {
$certObj = Get-Certificate -CertId $($cert.RequestID) -CertAuthority $caObj
[System.IO.File]::WriteAllText($("$outputDir\Cert_$certId.cer"), $certObj.RawData | Convert.ToBase64String)
}
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Hi everyone,
Thank you for suport.
I didn’t know that I neeed add my script here.
I fixed the issue using :
## Converting PEM String into X509Certificate2 object$rawCertificate = ($pemCertificate -split '\r\n' | Select-Object -Skip 1 | Select-Object -SkipLast 2) -join ''$newCertificate = System.Security.Cryptography.X509Certificates.X509Certificate2.
I used this script, and it is working! Thank for all
## Converting PEM String into X509Certificate2 object$rawCertificate = ($pemCertificate -split '\r\n' | Select-Object -Skip 1 | Select-Object -SkipLast 2) -join ''$newCertificate = System.Security.Cryptography.X509Certificates.X509Certificate2.