Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Powershell Commands for Certificates

Self-signed Code Signing Certificate

To create the code signing certificate using PowerShell (using Administrator prompt):

$cert = New-SelfSignedCertificate -Subject "My Certificate" -Type CodeSigning -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(100)

To export the certificate from the certificate store:

$certPassword = ConvertTo-SecureString -String "passwordhere" -Force –AsPlainText
$cert | Export-PfxCertificate -FilePath "mycert.pfx" -Password $certPassword

Public Key Extraction

To retrieve the public key from a PFX certificate using Powershell, use the following command:

$publicKey = (Get-PfxCertificate -FilePath mycert.pfx).GetPublicKey()

Hex Thumbprint

To convert the public key to a hex string without hyphens you can use this command:

[System.BitConverter]::ToString($publicKey).Replace("-", "")

Base64 Thumbprint

To get the base64 string of the SHA1 thumbprint of a PFX certificate use the following:

$publicKey = (Get-PfxCertificate -FilePath mycert.pfx).GetPublicKey()
$sha1 = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
$hash = $sha1.ComputeHash($publicKey)
[System.Convert]::ToBase64String($hash)

To get the base64 string of the SHA1 thumbprint of a PEM certificate use the following:

$publicKeyBase64 = [String]::Join("", (Get-Content -Path mycert.pem)[1..7])
$publicKey = [Convert]::FromBase64String($publicKeyBase64)
$sha1 = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
$hash = $sha1.ComputeHash($publicKey)
[System.Convert]::ToBase64String($hash)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment