using certutil is pretty straight forward:
certutil -exportpfx -p "" my serialnr path\to\hostname.pfx noroot
I need to convert it from pfx to pem, so I need to do some scripting. This is what I have so far:
$output = ( certutil -store my | findstr /i seri )
$separator = ":"
$serialstring = $output.split( $separator )
$serialnr = $serialstring[1]
$exportpfx = "certutil -exportpfx -p `"`" my" + $serialnr + " path\to\"+$env:computername+".pfx noroot"
invoke-expression $exportpfx
This nearly works, but the resulting pfx file has a password. So apparently my $exportpfx var is saving more info than it should, but I cannot see what.
Any tips? Thanks!
Best Answer
since I my goal was to convert the pfx to pem, I used the openssl tools for windows to remove the key after the creation of the pfx