In this post, you will find a description of a PowerShell script that copies a certificate from one certificate store to another.
Introduction
In this post, I’d like to describe a PowerShell script that copies a certificate from one certificate store to another. I created this script to reproduce the result of the dotnet dev-certs https --trust command, but in unattended mode. In addition, it can be used for other automation tasks.
Background
The solution uses PowerShell 7.1.4.
Solution
Here is the listing of the script copy-certificate.ps1:
param (
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$CertificateName,
    [Parameter(Mandatory = $false)]
    [string]$SourceStoreLocation = 'CurrentUser',
    [Parameter(Mandatory = $false)]
    [string]$SourceStoreName = 'My',
    [Parameter(Mandatory = $false)]
    [string]$TargetStoreLocation = 'LocalMachine',
    [Parameter(Mandatory = $false)]
    [string]$TargetStoreName = 'Root'
)

# Look the certificate up by its friendly name in the source store.
$Path = "cert:\$($SourceStoreLocation)\$($SourceStoreName)";
$Certificate = `
    Get-ChildItem -Path $Path -Recurse | `
    Where-Object { $_.FriendlyName -like $CertificateName } | `
    Select-Object -First 1;   # X509Store.Add() takes one certificate, not an array
if ((-not $?) -or ($null -eq $Certificate)) {
    Write-Error "Certificate is not found '$CertificateName'";
    exit;
}
else {
    Write-Verbose "Get certificate, thumbprint=$($Certificate.Thumbprint)";
}

# Open the target store for writing; a LocalMachine store needs an elevated session.
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList $TargetStoreName, $TargetStoreLocation;
$CertStore.Open('ReadWrite');
if ((-not $?) -or ($null -eq $CertStore)) {
    Write-Error 'Certificate store is not opened';
    exit;
}
else {
    Write-Verbose 'Certificate store is opened';
}

# Add the certificate and capture $? right away: Close() would otherwise overwrite it.
$CertStore.Add($Certificate);
$Added = $?;
$CertStore.Close();
if (-not $Added) {
    Write-Error 'Certificate was not added';
    exit;
}
else {
    Write-Host "Certificate '$CertificateName' is added to the store 'cert:\$($TargetStoreLocation)\$($TargetStoreName)'" -ForegroundColor Blue;
}
The script gets the certificate by its name from the source store, opens the target certificate store and adds the obtained certificate to it.
Following these steps, the certificate is obtained from the source store at lines 24-27 (the Get-ChildItem / Where-Object pipeline), where the certificate name, the store location and the store name come from the parameters. These parameters could be wrong, or the certificate might not exist, so the result is checked for null.
The script tries to open the target certificate store at lines 37-39 (X509Store.Open). Note that this operation requires administrative privileges when the TargetStoreLocation parameter equals LocalMachine or a remote computer’s name. If the TargetStoreLocation parameter equals CurrentUser, the script can be run under the user’s own privileges. Another way to get the same certificate store is written, but commented out, at lines 40-43.
If the certificate is found and the target certificate store is opened successfully, the certificate is added to the store at lines 51-52 (X509Store.Add followed by Close).
Also, as mentioned in the introduction, this script can be used to reproduce the dotnet dev-certs https --trust command. To that end, the script copy-certificate.example.ps1 calls copy-certificate.ps1 to copy the certificate named ASP.NET Core HTTPS development certificate from the user’s Personal store to the local machine’s Trusted Root Certification Authorities store. Keep in mind that every user and service on the machine consults LocalMachine\Root, so this grants the self-signed development certificate machine-wide trust; remove the Root entry once it is no longer needed.
$CertificateName = 'ASP.NET Core HTTPS development certificate';
.\copy-certificate.ps1 `
    $CertificateName `
    -SourceStoreLocation 'CurrentUser' `
    -SourceStoreName 'My' `
    -TargetStoreLocation 'LocalMachine' `
    -TargetStoreName 'Root' `
    -Verbose;
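The following is an added example, not part of the original script or of the article’s downloads, showing the checks a cautious operator wants around the same copy: it keys on the thumbprint instead of the friendly name (several certificates may share a friendly name, while a thumbprint identifies exactly one), refuses to touch a LocalMachine store from a non-elevated session, skips the copy when the certificate is already present, verifies the result through the cert: drive, and provides the matching removal step. The function names Test-IsElevated, Copy-CertificateByThumbprint and Remove-CertificateFromStore, and the all-zero thumbprint in the usage comment, are this example’s own placeholders; the parameter names mirror copy-certificate.ps1.

```powershell
# Added example: idempotent, thumbprint-based variant of the copy with elevation
# check, post-copy verification and an undo helper. Windows-only (cert: drive).

function Test-IsElevated {
    # LocalMachine stores need an elevated session; CurrentUser stores do not.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Copy-CertificateByThumbprint {
    param (
        [Parameter(Mandatory = $true)] [string]$Thumbprint,
        [string]$SourceStoreLocation = 'CurrentUser',
        [string]$SourceStoreName     = 'My',
        [string]$TargetStoreLocation = 'LocalMachine',
        [string]$TargetStoreName     = 'Root'
    )

    if ($TargetStoreLocation -eq 'LocalMachine' -and -not (Test-IsElevated)) {
        throw "Writing to cert:\LocalMachine\$TargetStoreName requires an elevated session."
    }

    # The thumbprint is the SHA-1 hash of the DER-encoded certificate, so it names
    # exactly one certificate, unlike FriendlyName, which several may share.
    $sourcePath = "cert:\$SourceStoreLocation\$SourceStoreName"
    $source = Get-ChildItem -Path $sourcePath | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if ($null -eq $source) {
        throw "No certificate with thumbprint $Thumbprint in $sourcePath"
    }

    # Idempotency: the cert: provider exposes each certificate as an item named by its thumbprint.
    $targetPath = "cert:\$TargetStoreLocation\$TargetStoreName"
    $targetItem = "$targetPath\$Thumbprint"
    if (Test-Path -Path $targetItem) {
        Write-Verbose "Certificate $Thumbprint is already present in $targetPath; nothing to do."
        return Get-Item -Path $targetItem
    }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
        -ArgumentList $TargetStoreName, $TargetStoreLocation
    try {
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        $store.Add($source)
    }
    finally {
        # Close() runs even if Open() or Add() threw, so the handle is never leaked.
        $store.Close()
    }

    # Verify through the provider instead of trusting that Add() silently succeeded.
    $copied = Get-Item -Path $targetItem -ErrorAction Stop
    if ($copied.Thumbprint -ne $source.Thumbprint) {
        throw "Certificate $Thumbprint was not found in $targetPath after Add()."
    }
    return $copied
}

function Remove-CertificateFromStore {
    # Undo step: deleting the entry from LocalMachine\Root withdraws the trust that
    # the copy granted to every user and service on the machine.
    param (
        [Parameter(Mandatory = $true)] [string]$Thumbprint,
        [string]$StoreLocation = 'LocalMachine',
        [string]$StoreName     = 'Root'
    )
    Remove-Item -Path "cert:\$StoreLocation\$StoreName\$Thumbprint" -ErrorAction Stop
}

# Usage. The thumbprint below is a placeholder; take the real one from
#   Get-ChildItem cert:\CurrentUser\My | Where-Object FriendlyName -like 'ASP.NET Core HTTPS development certificate'
# Copy-CertificateByThumbprint -Thumbprint '0000000000000000000000000000000000000000' -Verbose
# Remove-CertificateFromStore   -Thumbprint '0000000000000000000000000000000000000000'
```

Because the functions throw on every failure instead of relying on $? and exit, they compose cleanly inside a larger provisioning script under try/catch, and the try/finally guarantees the store handle is closed even when Add() fails.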
1. All IP addresses and names of servers, workstations and domains used here are fictional and serve exclusively as a demonstration.
2. Information is provided «AS IS».