Export-QADCertificate
From PowerGUI Wiki
Export an X.509 certificate to a byte array or a file.
This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.
Syntax
Export-QADCertificate [-Certificate] <X509CertificateUI[]> [-Encoding <CertificateEncoding>] [-File <string>] [-Format <ExportFormat>] [-Mode <ExportMode>] [-Password <SecureString>] [<CommonParameters>]
Detailed Description
Use this cmdlet to export the X.509 certificate represented by a given certificate object to a byte array or a file, using the specified format. The cmdlet can take an output object of the Get-QADCertificate cmdlet and return a byte array containing the certificate data found in that object. Alternatively, the cmdlet can export the certificate directly to a specified file (see examples).
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Certificate | Use this parameter to specify the certificate objects representing the certificates to export. This could be output objects of the Get-QADCertificate cmdlet (see examples). | true | true (ByValue) | |
| Encoding | Use this parameter to specify how to encode the export data. The possible parameter values are: Binary (the export data is a pure binary sequence); Base64 (the export data is base64-encoded). The default parameter value is Binary for the Pkcs12 (Pfx) export format and Base64 for any other export format. | false | false | |
| File | Use this parameter to specify the path and name of a file to which you want to export the certificates. The path can be an absolute path, such as C:\MyCertificates\Cert.cer, or a relative path. If the path or file name includes spaces, enclose the parameter value in quotation marks. | false | false | |
| Format | Use this parameter to specify how to format the export data. The possible parameter values are the following members of the X509ContentType enumeration: Cert, SerializedCert, Pfx, Pkcs12 (same as Pfx), SerializedStore, Pkcs7. If this parameter is omitted, the Cert format is used. For descriptions of these enumeration members, see the "X509ContentType Enumeration" article in Microsoft's .NET Framework Class Library at msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509contenttype.aspx | false | false | Cert |
| Mode | Use this parameter to specify whether you want the export data to include a single certificate, the certificate chain (that is, all certificates in the certification path for a given certificate), or a collection of certificates (see examples). The corresponding parameter values are: Single (exports each input certificate separately); Chain (exports the entire certificate chain for each input certificate; not supported for the Cert and SerializedCert export formats); Collection (exports all input certificates as a single bulk; not supported for the Cert and SerializedCert export formats). | false | false | Single |
| Password | Use this parameter to specify the password required to access the X.509 certificate export data. A password is required to export a certificate with both the public and private keys. In this case the certificate should be exported using the Pkcs12 (Pfx) export format. | false | false | |
Input Type
Quest.ActiveRoles.ArsPowerShellSnapIn.X509CertificateUI
Return Values
byte[]
Examples
EXAMPLE 1
Get-QADUser domainName\userName |
Get-QADCertificate |
%{Export-QADCertificate $_ -File "c:\cert\$($_.IssuedTo)-$($_.Thumbprint).cer"} |
Out-Null
Description
In this command: Get-QADCertificate generates certificate objects representing the X.509 certificates mapped to the specified user in Active Directory, and Export-QADCertificate exports each certificate to a separate file using the Cert (default) export format. For each certificate, the file name is composed of the certificate's properties "Issued To" and "Thumbprint."
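The byte-array return path mentioned in the Detailed Description, shown as an added example that is not part of the original wiki page: each certificate mapped to the user is exported to memory, parsed with the .NET X509Certificate2 class, and summarized for review. The user name is the placeholder from Example 1, and the output property names are chosen for this example.

```powershell
# Added example: export to a byte array (no -File) and inspect the result.
Get-QADUser domainName\userName | Get-QADCertificate | ForEach-Object {
    $source = $_

    # -Encoding Binary requests raw DER; the default for the Cert format is Base64.
    # The cast collects the cmdlet output into a single byte array.
    [byte[]]$der = Export-QADCertificate $source -Format Cert -Encoding Binary

    # Parse the exported bytes. The Cert format carries public data only.
    # (,$der) passes the array as one constructor argument.
    $parsed = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$der)

    # Normalize the directory-side thumbprint before comparing
    # (-eq is case-insensitive for strings in PowerShell).
    $expected = ($source.Thumbprint -replace '\s', '')

    New-Object PSObject -Property @{
        Subject            = $parsed.Subject
        Thumbprint         = $parsed.Thumbprint
        NotAfter           = $parsed.NotAfter
        Expired            = ($parsed.NotAfter -lt (Get-Date))
        SignatureAlgorithm = $parsed.SignatureAlgorithm.FriendlyName
        MatchesSource      = ($parsed.Thumbprint -eq $expected)
    }
}
```

A row with MatchesSource set to False means the exported bytes did not parse to the same certificate that the source object describes and should be investigated before the export is used.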
EXAMPLE 2
Get-QADLocalCertificateStore MyStore |
Get-QADCertificate |
%{Export-QADCertificate $_ -Format Pkcs7 -Mode Chain -File "c:\cert\$($_.SerialNumber).p7b"} |
Out-Null
Description
In this command: Get-QADLocalCertificateStore retrieves a certain certificate store by name from the CurrentUser store location and passes the corresponding object to Get-QADCertificate; Get-QADCertificate retrieves the certificates from that store and passes the certificate objects to Export-QADCertificate; for each certificate object, Export-QADCertificate exports the entire certificate chain of the corresponding certificate to a separate file using the Pkcs7 export format, with the file name composed of the certificate's serial number.
EXAMPLE 3
Get-QADLocalCertificateStore MyStore | Get-QADCertificate | Export-QADCertificate -Mode Collection -Format Pfx -Password (ConvertTo-SecureString <Password> -asplaintext -force) -File c:\MyCerts.pfx | Out-Null
Description
In this command: Get-QADLocalCertificateStore retrieves a certain certificate store by name from the CurrentUser store location and passes the corresponding object to Get-QADCertificate; Get-QADCertificate retrieves the certificates from that store and passes the certificate objects to Export-QADCertificate; Export-QADCertificate exports all the certificates, along with their private keys, to a single file using the Pfx export format. This export operation requires the export data to be protected by a password, so the Password parameter is used to set a password.
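A variant of Example 3 that keeps the PFX password off the command line and restricts the output folder before private keys are written to it. This is an added example, not part of the original wiki page; the store name is reused from Example 3 and the output path is hypothetical.

```powershell
# Added example. $store reuses the store name from Example 3;
# $pfxPath is a hypothetical output location.
$store   = 'MyStore'
$pfxPath = 'C:\SecureExport\MyCerts.pfx'

# Prompt for the password so it is never typed as a plain-text argument
# (which would end up in console history or a saved script).
$password = Read-Host -Prompt 'Password for the PFX file' -AsSecureString
if ($password.Length -eq 0) { throw 'An empty PFX password was entered.' }

# Create the target folder and lock it down before any private-key
# material is written. A newly created folder has only inherited
# entries, so after this step only the current user has access.
$dir = Split-Path -Parent $pfxPath
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)   # drop inherited permissions
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $me, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

try {
    # Same pipeline as Example 3, with the prompted SecureString as the password.
    Get-QADLocalCertificateStore $store |
        Get-QADCertificate |
        Export-QADCertificate -Mode Collection -Format Pfx -Password $password -File $pfxPath |
        Out-Null
}
finally {
    # Release the in-memory copy of the password.
    $password.Dispose()
}
```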
