Convert pfx certificates to crt on Windows

By | 2015-10-02

The most cited and advised way to convert a pfx certificate file to crt, is to use openssl. For a Windows server I will look at alternatives using Powershell.

On a Windows server, openssl isn’t available, but if a small external download is an option, you can still find a Windows ported version of openssl, it really works as simple as advertised:

The warning can be ignored, it doesn’t impact the functionality.

For example:

OpenSSL For Windows URL:
https://indy.fulgan.com/SSL/
(Via: https://www.openssl.org/community/binaries.html)

Another way to do this on a Windows Server, is to use Powershell.

Depending on your Operating System version (Win2012+/Win8+) and Powershell version (V4+), this could be a one-liner:

https://technet.microsoft.com/en-us/library/hh848628(v=wps.620).aspx

The downside is, that it prompts for a password, so this cannot be used in an unattended script.

 

On older versions the command “Export-Certificate” is not even available, so for older versions and for unattended scripts this would be the trick:

Set-Content could be considered the easier readable approach, compared to “[System.IO.File]::WriteAllBytes()”.

#New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
#Object.Export(): Specify one of the following enumerator names: Unknown, Cert, SerializedCert, Pfx, Pkcs12, SerializedStore, Pkcs7, Authenticode

 

For exporting from your certificate store to a PFX file, you could use:

For importing from a PFX file to your certificate store, you could use:

 

Leave a Reply

Your email address will not be published. Required fields are marked *