Exporting certificates from a Microsoft CA

I recently had the requirement to export all valid certificates from a Windows certification authority so that the certificates could be entered into a certificate management software.

I have therefore created a small PowerShell script that exports all certificates that are still valid at the time the script runs to a folder. Since only the certificates that were issued using a specific template were relevant for certificate management, the corresponding template can be specified in the script. In my case, it was not necessary to export all certificates, but only those that are not automatically renewed.

Three parameters must therefore be adjusted in the script: the name of the CA, the name of the template and the folder for the export. Maybe someone can use this little script:

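Import-Module PSPKI   # provides Get-CertificationAuthority and Get-IssuedRequest

$CAName = "Name of the CA"
$TemplateName = "Name of the template"
$ExportDir = "C:\ExportCerts"

# Create the export folder if it does not exist yet
if (-not (Test-Path $ExportDir)) { New-Item -ItemType Directory -Path $ExportDir | Out-Null }

$ca = Get-CertificationAuthority -Name $CAName
# Request the RawCertificate column explicitly; it is needed for the export below
$allCerts = Get-IssuedRequest -CertificationAuthority $ca -Property RawCertificate
# Keep only certificates that have not expired yet
$ValidCerts = $allCerts | Where-Object { $_.NotAfter -gt (Get-Date) }
# Keep only certificates issued from the given template (regex match on the friendly name)
$SANCerts = $ValidCerts | Where-Object { $_.CertificateTemplateOid.FriendlyName -match "$TemplateName" }
# Characters that are removed from the common name to build the file name
$pattern = '[^a-zA-Z0-9]'
foreach ($SANCert in $SANCerts) {
    $CommonName = $SANCert.CommonName
    # Append the request ID so that certificates with the same common name do not overwrite each other
    $FileName = ($CommonName -replace $pattern) + "_" + $SANCert.RequestID
    $filepath = Join-Path $ExportDir "$FileName.cer"
    $SANCert.RawCertificate | Set-Content $filepath
}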

This script can also be found on GitHub: https://github.com/FrankysWeb/Export-CA-Certificates

Note: This is only about the certificates, not the private keys. This script is not suitable for backing up a certification authority.
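
An added example (not part of the original script or the GitHub repository): a check to run after the export that confirms every .cer file in the folder parses as a certificate and writes an inventory CSV that can be handed to the certificate management software. The function name Get-ExportedCertInventory, the CSV columns and the file name inventory.csv are assumptions.

```powershell
# Added example, not from the original post. Function name and CSV layout are assumptions.
function Get-ExportedCertInventory {
    param(
        [Parameter(Mandatory)] [string] $Path   # folder the export script wrote to
    )
    foreach ($file in Get-ChildItem -Path $Path -Filter '*.cer' -File) {
        try {
            # Load the exported file; anything that is not a parsable certificate ends up in catch
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        }
        catch {
            Write-Warning "Not a readable certificate: $($file.Name)"
            continue
        }
        # Subject Alternative Name extension (OID 2.5.29.17), empty string if absent
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san = if ($sanExt) { $sanExt.Format($false) } else { '' }
        [pscustomobject]@{
            File          = $file.Name
            Subject       = $cert.Subject
            SAN           = $san
            SerialNumber  = $cert.SerialNumber
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
            HasPrivateKey = $cert.HasPrivateKey   # expected to be False for every file
        }
    }
}

$ExportDir = "C:\ExportCerts"   # same folder as in the export script
$inventory = @(Get-ExportedCertInventory -Path $ExportDir)
$inventory | Sort-Object NotAfter |
    Export-Csv -Path (Join-Path $ExportDir 'inventory.csv') -NoTypeInformation -Encoding UTF8

# Certificates that expired between export and check, or files carrying a key, need a second look
$inventory | Where-Object { $_.DaysRemaining -lt 0 -or $_.HasPrivateKey } |
    Format-Table File, NotAfter, HasPrivateKey
```

The Thumbprint and SerialNumber columns give the management software a stable identifier per certificate, independent of the file name.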
