Import PfxCertificate - PowerShell

Overview

Import-PfxCertificate securely imports a Personal Information Exchange (PFX) certificate into the local computer’s certificate store, making it available for use by applications and services. This command is primarily useful for importing certificates obtained from trusted Certificate Authorities.

Syntax

Import-PfxCertificate -FilePath <string> [-Password <string>] [-CertStore <string>] [-ImportFriendlyName <string>] [-KeyAlgorithm <string>] [-Exportable <bool>] [-PersistKey <bool>]

Options/Flags

  • -FilePath: Specifies the path to the PFX file containing the certificate. This parameter is required.
  • -Password: The password used to protect the private key within the PFX file. If omitted, the user will be prompted to enter the password.
  • -CertStore: Specifies the certificate store to which the certificate will be imported. By default, the “My” store is used.
  • -ImportFriendlyName: Sets a friendly name for the imported certificate. If omitted, the certificate’s subject name will be used.
  • -KeyAlgorithm: Specifies the key algorithm to use when importing the private key. Default is RSA.
  • -Exportable: Controls whether the private key is exportable from the computer. Default is $false.
  • -PersistKey: Indicates whether the private key should be permanently stored on the computer. Default is $false.

Examples

  • Import a PFX certificate from a file using a password:
Import-PfxCertificate -FilePath "C:\MyCertificates\cert.pfx" -Password "mypassword"
  • Import a certificate from a specific store:
Import-PfxCertificate -FilePath "C:\MyCertificates\cert.pfx" -CertStore "WebHosting"
  • Import a certificate with a friendly name:
Import-PfxCertificate -FilePath "C:\MyCertificates\cert.pfx" -ImportFriendlyName "MyCompanyCert"

Common Issues

  • Invalid password: Ensure the specified password is correct.
  • No certificate found: Verify the PFX file contains a valid certificate.
  • Access denied: Ensure the PFX file and the certificate store have appropriate permissions.

Integration

Import-PfxCertificate can be integrated with other commands to automate certificate management. For example, it can be combined with New-SelfSignedCertificate to create and import a self-signed certificate.

$certificate = New-SelfSignedCertificate -Name "MySelfSignedCert"
Import-PfxCertificate -FilePath (Export-PfxCertificate $certificate)
  • Export-PfxCertificate: Exports a PFX certificate from the certificate store.
  • Get-PfxCertificate: Retrieves PFX certificate details.
  • New-SelfSignedCertificate: Creates a self-signed certificate.
  • SCEPClient: Enrolls for a certificate from a SCEP server.