8

I want to install a certificate (X.509) created with makecert.exe on a remote server. I am not able to use psexec or something like that but have to use PowerShell.

  • Server operating system: Windows Server 2008 R2
  • PowerShell version: 4

Question: How to install a certificate with PowerShell on a remote server.

3
  • What OS and PSH version on the remote server? Commented Jan 22, 2014 at 9:17
  • I've added the information to the original question. Commented Jan 22, 2014 at 9:29
  • Do you have PowerShell remoting enabled on both machines, and are both machines trusted by each other? Commented Mar 21, 2014 at 5:19

3 Answers

6

Scenario: ServerA has the SSL cert, ServerB would like the SSL cert imported

  1. define two variables (ServerB only):

    $afMachineName = "SomeMachineNameOrIp"
    $certSaveLocation = "c:\temp\Cert.CER"
    
  2. enable trust on both machines (ServerA & ServerB):

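    Function enableRemotePS() {
        # Turn on WinRM-based PowerShell remoting on this machine
        Enable-PSRemoting -Force
        # Let this client connect to the peer named in $afMachineName (defined in step 1)
        Set-Item wsman:\localhost\client\trustedhosts $afMachineName -Force
        Restart-Service WinRM
    }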
    
  3. Save the certificate (ServerB only):

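    Function saveCert([string]$machineName,[string]$certSaveLocation) {
        # Export the certificate (public part only) to a file on the remote machine
        Invoke-Command -ComputerName $machineName -ArgumentList $certSaveLocation -ScriptBlock {
            param($certSaveLocation)
            $cert = dir Cert:\LocalMachine\Root | where {$_.Subject -eq "CN=YOURCERTNAME" } | select -First 1
            $certBytes = $cert.Export("cert")
            [System.IO.File]::WriteAllBytes($certSaveLocation, $certBytes)
        }

        # Fetch the exported file over the admin share; the UNC path must match the file written above
        $remotePath = "\\$machineName\" + ($certSaveLocation -replace '^([A-Za-z]):', '$1$$')
        Copy-Item -Path $remotePath -Destination $certSaveLocation
    }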
    
  4. Import the certificate (ServerB only)

    Function importCert([string]$certSaveLocation) {
        $CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certSaveLocation
    
        $CertStoreScope = "LocalMachine"
        $CertStoreName = "Root"
        $CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $CertStoreName, $CertStoreScope
    
        # Import The Targeted Certificate Into The Specified Cert Store Name Of The Specified Cert Store Scope
        $CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        $CertStore.Add($CertToImport)
        $CertStore.Close()
    }
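
Added example (not part of the answer above and not the answerer's code): the same .NET `X509Store` import, run on the remote server through `Invoke-Command`, with the certificate passed as an argument so no file copy over an admin share is needed and the thumbprint is checked before anything is trusted. The function name, parameters, host name and paths are hypothetical; it assumes PowerShell remoting already works and the caller is an administrator on the target.

```powershell
# Added example. Function name, parameters and the values in the usage line are hypothetical.
function Install-RemoteCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$CertPath,
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
        [string]$StoreName = 'Root'
    )
    # Load the file locally. A .cer file holds only the public certificate.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

    # Adding to Root creates a trust anchor, so pin the exact certificate first.
    # The -replace also strips spaces and invisible characters pasted from the certificate UI.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: $CertPath has $($cert.Thumbprint)"
    }

    # Ship the DER bytes as Base64 text so they cross the remoting boundary unchanged.
    $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    $b64 = [Convert]::ToBase64String($der)

    Invoke-Command -ComputerName $ComputerName -ArgumentList $b64, $StoreName, $expected -ScriptBlock {
        param([string]$CertBase64, [string]$StoreName, [string]$Thumbprint)

        $raw = [Convert]::FromBase64String($CertBase64)
        # (,$raw) passes the byte array as ONE constructor argument
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$raw)

        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, 'LocalMachine'
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        try {
            $store.Add($remote)   # no-op if the certificate is already present
            $hits = $store.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
            $installed = $hits.Count -gt 0
        }
        finally {
            $store.Close()
        }
        # Report what actually ended up in the store
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME; Store = "LocalMachine\$StoreName"
            Thumbprint = $Thumbprint; Installed = $installed
        }
    }
}

# Install-RemoteCertificate -ComputerName 'server01.example.test' -CertPath 'C:\temp\Cert.cer' -ExpectedThumbprint '<THUMBPRINT>'
```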
    

4

To import a PFX file you can use Import-PfxCertificate, for example

    Import-PfxCertificate -FilePath YOUR_PFX_FILE.pfx -Password (ConvertTo-SecureString -String "THE_PFX_PASSWORD" -AsPlainText -Force)

To do this on a remote computer, you can use Invoke-Command -ComputerName (and use a UNC path for the PFX file).


0

I've created a few scripts for this purpose:

https://github.com/kevin-bridges/WindowsPowerShell/tree/master/Scripts/certificates

Take a look and see if they'd work for you. You can use get-help on each of them to check the usage details.
