Issue:

Unable to generate pfx file from certificate manager. Certificate export have the option greyed out “Personal Information Exchange PFX”.

Fix:

Use PowerShell to generate the PFX file.

The Certificates snap-in really doesn’t like to export PFX certificates, but PowerShell is happy to. You can use the¬†Export-PfxCertificate¬†cmdlet.

  1. Go to the certificates pseudo-drive by typing cd cert:\ at the PowerShell prompt.
  2. Type cd CurrentUser or cd LocalMachine as appropriate for where the certificate is. You may need to launch PowerShell as admin to export a machine certificate.
  3. cd into the appropriate store (a dir may help). The Personal store in MMC is called My here.
  4. Use dir to identify which ID corresponds to the certificate you want.
  5. Type this command to export it as a PFX with a password:Export-PfxCertificate -Cert .\LONGSTRINGOFHEX -FilePath 'C:\path\to\outfile.pfx' -Password (ConvertTo-SecureString -String 'password' -AsPlainText -Force) LONGSTRINGOFHEX should be replaced with your certificate’s ID. Fortunately, you can use tab completion on that.

Once that command executes, you have a PFX certificate protected with the password you supplied. PowerShell refuses to export the certificate’s private key without a password, and the password can’t be blank. Nevertheless, your PFX is out.

Sources:

https://superuser.com/questions/1098614/how-can-i-export-a-certificate-from-mmc-as-a-pfx-file

Last modified: December 20, 2023

Author

Comments

Write a Reply or Comment