26

I'm trying to get the thumbprint of a password protected pfx file using this code:

function Get-CertificateThumbprint {
    # 
    # This will return a certificate thumbprint, null if the file isn't found or throw an exception.
    #

    param (
        [parameter(Mandatory = $true)][string] $CertificatePath,
        [parameter(Mandatory = $false)][string] $CertificatePassword
    )

    try {
        if (!(Test-Path $CertificatePath)) {
            return $null;
        }

        if ($CertificatePassword) {
            $sSecStrPassword = ConvertTo-SecureString -String $CertificatePassword -Force -AsPlainText
        }

        $certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
        $certificateObject.Import($CertificatePath, $sSecStrPassword);

        return $certificateObject.Thumbprint
    } catch [Exception] {
        # 
        # Catch accounts already added.
        throw $_;
    }
}

When I run it, I get this error:

Cannot find an overload for "Import" and the argument count: "2".
At C:\temp\test.ps1:36 char:9
+         $certificateObject.Import($CertificatePath, $sSecStrPassword);
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Can someone please help me sort this out?

Thanks All. :-)

flipcode

7 Answers

64

According to this SuperUser response, in PS 3.0 there is a Get-PfxCertificate command to do that:

 Get-PfxCertificate -FilePath Certificate.pfx 
Nikita R.
  • 1
    Example from Microsoft: PS C:\> Get-PfxCertificate -FilePath "C:\windows\system32\Test.pfx" – niklasolsn May 19 '17 at 11:53
  • 6
    Get-PfxCertificate does not have a password parameter. See kyorilys's answer if you need to import a certificate in non-interactive mode. – Der_Meister Sep 18 '17 at 17:10
  • In 2023 it has a password parameter: `(Get-PfxCertificate -FilePath $certFilePath -Password $certPassword).Thumbprint`. Password: `ConvertTo-SecureString 'myPassword' -AsPlainText -Force` – Endy Tjahjono Jun 09 '23 at 12:18
23

You can do this

$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificateObject.Import($CertificatePath, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
return $certificateObject.Thumbprint

Remember to set these two variables: $CertificatePath and $sSecStrPassword

UPDATED:

$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $sSecStrPassword)
kyorilys
  • 2
    On new versions you should use $certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $sSecStrPassword) – Dinirex Sep 23 '20 at 07:24
  • I am getting "Exception calling "Import" with "3" argument(s): "The specified network password is not correct."". I am using your script. Any idea? – Imran Khan Apr 04 '22 at 15:21
  • Maybe due to the new version, or, like the description said, the password is not correct; you have to set the $sSecStrPassword – kyorilys Apr 07 '22 at 07:44
  • 1
    Note to others trying this: Apparently the certificate path needs to be an absolute path. I used Resolve-Path to resolve a relative path and it worked perfectly – moronator Oct 06 '22 at 10:37
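
Pulling this answer and its comments together, as an added example that is not part of the original answer or of any poster's code: the function name Get-PfxThumbprint is chosen here for illustration. It takes the password as a SecureString, resolves the path to an absolute one, uses the three-argument X509Certificate2 constructor, and releases the certificate afterwards.

```powershell
function Get-PfxThumbprint {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)][string] $CertificatePath,
        # SecureString, so the caller never passes the password as a plain-text argument.
        [Parameter(Mandatory = $false)][securestring] $CertificatePassword
    )

    # Same contract as the function in the question: $null when the file is missing.
    if (-not (Test-Path -LiteralPath $CertificatePath -PathType Leaf)) {
        return $null
    }

    # .NET resolves relative paths against the process working directory, not
    # PowerShell's current location, so pass an absolute path to the constructor.
    $fullPath = (Resolve-Path -LiteralPath $CertificatePath).ProviderPath

    # A PFX without a password is opened with an empty SecureString. Passing $null
    # would leave the choice between the string and SecureString overloads ambiguous.
    if ($null -eq $CertificatePassword) {
        $CertificatePassword = New-Object -TypeName System.Security.SecureString
    }

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $cert = $null
    try {
        # Constructor overload (string fileName, SecureString password, X509KeyStorageFlags flags).
        $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $fullPath, $CertificatePassword, $flags
        return $cert.Thumbprint
    }
    finally {
        # Release the certificate and the private key loaded with it.
        # Dispose() assumes .NET Framework 4.6 or later; older runtimes offer Reset().
        if ($null -ne $cert) { $cert.Dispose() }
    }
}

# Usage (constructed path; Read-Host keeps the password out of the script and history):
# $pw = Read-Host -Prompt 'PFX password' -AsSecureString
# Get-PfxThumbprint -CertificatePath '.\cert.pfx' -CertificatePassword $pw
```

A wrong password surfaces as a terminating exception from the constructor, so callers that need to distinguish it from a missing file can wrap the call in try/catch.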
4

The PowerShell error message is right. There are no overloads that take two parameters. Based on the parameters you are using I think you want the overload that requires a third parameter - an enum - X509KeyStorageFlags e.g.

$certificateObject.Import($CertificatePath, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
Keith Hill
3

Here is what I have used to read the thumbprint of a certificate in a file without importing the file on Windows PowerShell 5.1:

$Thumbprint = (Get-PfxData -Password $MyPFXCertificatePwdSecureString -FilePath $CertificateFilePath).EndEntityCertificates.Thumbprint

More information about Get-PfxData can be found here: https://learn.microsoft.com/en-us/powershell/module/pkiclient/get-pfxdata

peinearydevelopment
Shaun
1

FYI, looks like Get-PfxCertificate will add the ability to pass a password in powershell 6.0.

https://github.com/PowerShell/PowerShell-Docs/issues/2150

CBO
1

Thanks to this answer: Is there a command line utility to extract the certificate thumbprint? I was able to work out the following one-liner that works great:

    $thumbprint = (certutil -split -dump .\cert.pfx | findstr /c:"Cert Hash(sha1)").Substring(17)[-1]

If the PFX is password protected,

    $thumbprint = (certutil -split -p the_secret_password_to_my_pfx -dump .\cert.pfx | findstr /c:"Cert Hash(sha1)").Substring(17)[-1]

Technically, it's not pure PowerShell, as it invokes certutil.exe, but that should be on every Windows system, so it works.

James
1

If you get a path error in PowerShell, use the script below:

$FilePath = "c:\a\"
$FileName = "mycert"
$FileType = ".pfx"
$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificateObject.Import($FilePath+$FileName+$FileType, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
return $certificateObject.Thumbprint