Import-certificate is not including "Properties Only" fields 1

ls62

Programmer
Oct 15, 2001
179
US
Hi,

When using the import-certificate command it is not importing the "properties only" fields. If I import the same exact .cer file using the mmc certificate snap-in it does import those values/fields.
Is this a known issue or is there something additional I need to do to import the fields highlighted in green below?

Here's a snip of the PowerShell code I'm using:
$DestFilePath="C:\certname.cer"
$certStore = "Cert:\LocalMachine\Root"
Import-Certificate -FilePath $DestFilePath -CertStoreLocation $certStore

A) On one server I used the MMC snap-in to import the certificate into the Root store and it worked fine.

Picture1.png

B) On a 2nd server I used the PS script above, and it imported, but did not include any of the "properties only" fields (Friendly name, Enhanced Key Usage, Extended Validation)

Picture2.png
 
It looks like when using Import-Certificate in PowerShell, only the raw certificate data is imported, but not the additional metadata such as Friendly Name, Enhanced Key Usage, or Extended Validation. The MMC snap-in, however, applies these properties during import.


To work around this, you may need to manually set the missing properties after importing. For example, you can use the following PowerShell commands to update the Friendly Name and Enhanced Key Usage:

$cert = Get-Item "Cert:\LocalMachine\Root\<Thumbprint>"
$cert.FriendlyName = "Your Friendly Name"


For Enhanced Key Usage (EKU), you may need to use certutil or a separate API call.


Let me know if you need further help troubleshooting this!
 
Thank you for the suggestion. I too, found that I could manually update the additional metadata in other ways, but it seems odd that they wouldn't build that into the command or function since those fields exist in the .cer file.

I'll work on using some of these other methods.

One additional comment we found was to use a GPO to apply the certificate, but I have not tried that yet.

Thanks again,
Lee
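
The workaround discussed in this thread, as an added example that is not part of the original posts: it confirms the file's thumbprint before the certificate is trusted in the Root store, imports it, sets the friendly name on the store copy and reads it back. The expected thumbprint and the friendly name are placeholders, and the script assumes an elevated session, which writing to LocalMachine requires.

```powershell
# Added example, not from the thread. Placeholder values are marked below.
$DestFilePath       = 'C:\certname.cer'
$certStore          = 'Cert:\LocalMachine\Root'
$expectedThumbprint = '<Thumbprint>'          # placeholder: obtain out of band from the issuer
$friendlyName       = 'Your Friendly Name'    # placeholder

# Load the file without touching any store and confirm it is the certificate
# you intend to trust. Adding to Root is a trust decision, so check first.
$fileCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($DestFilePath)
$expected = $expectedThumbprint -replace '\s', ''
if ($fileCert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($fileCert.Thumbprint), expected $expected"
}

# Import-Certificate returns the certificate object that was added to the store.
$imported = Import-Certificate -FilePath $DestFilePath -CertStoreLocation $certStore

# Fetch the store-backed object through the Cert: provider and set the property there,
# so the change is written to the store entry rather than to an in-memory copy.
$storePath = "$certStore\$($imported.Thumbprint)"
$storeCert = Get-Item -Path $storePath
$storeCert.FriendlyName = $friendlyName

# Read the entry back to confirm the property persisted.
$check = Get-Item -Path $storePath
if ($check.FriendlyName -ne $friendlyName) {
    throw "FriendlyName was not persisted for $($check.Thumbprint)"
}

$check | Select-Object Subject, Thumbprint, FriendlyName, NotAfter
```

Run it on a test machine first and compare the result with the MMC-imported copy on the other server before rolling it out.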
 
