1

I am trying to find out where to put the modifier "ExtendedProperties" in the certutil -p "abcd" -exportPFX.... What would the syntax look like?

john.trussell
  • 11
  • 2

1 Answers1

0

You can check the certutil help for -exportPFX

C:\WINDOWS\system32>certutil -exportPFX -?
Usage:
  CertUtil [Options] -exportPFX [CertificateStoreName] CertId PFXFile [Modifiers]
  Export certificate and private key
    CertificateStoreName -- Certificate store name.  See -store.
    CertId -- Certificate or CRL match token.  See -store.
    PFXFile -- exported PFX data output file
    Modifiers -- Comma separated list of one or more of the following:
            NoChain -- Do not export the certificate chain
            NoRoot -- Do not export the root certificate
            ExtendedProperties -- Include extended properties
            NoEncryptCert -- Do not encrypt the certificates
            EncryptCert -- Encrypt the certificates
            ExportParameters -- Export Parameters
            CryptoAlgorithm=AlgorithmString -- Cryptographic Algorithm
              AlgorithmString Examples:
                TripleDES-Sha1
                Aes256-Sha256
    Defaults to personal machine store.
    Modifiers:
      NoChain -- End Entity certificate only
      NoRoot -- Exclude root certificate
      CryptoAlgorithm= -- Cryptographic algorithm used to create a PFX file
      ExtendedProperties
      NoEncryptCert
      EncryptCert
      ExportParameters

Options:
  -f                -- Force overwrite
  -Enterprise       -- (-ent) Use local machine Enterprise registry certificate store
  -user             -- Use HKEY_CURRENT_USER keys or certificate store
  -GroupPolicy      -- (-gp) Use Group Policy certificate store
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -split            -- Split embedded ASN.1 elements, and save to files
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -p Password               -- Password
  -ProtectTo SAMNameAndSIDList -- Comma separated SAM Name/SID List
  -t Timeout                -- URL fetch timeout in milliseconds
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -exportPFX -?   -- Display help text for the "exportPFX" verb
CertUtil -v -?           -- Display all help text for all verbs
trashrobber
  • 727
  • 2
  • 9
  • 26
  • I understand that but it never shows how the syntax would look??? CertUtil [Options] -exportPFX [CertificateStoreName] CertId PFXFile [Modifiers] For "[Modifiers] " where would you put it and in what syntax i.e. -ExtendedProperties? – john.trussell Feb 27 '20 at 17:48
  • For example it you had this line: certutil -p $Password -exportPFX "$Computer.$DomainDNSName" "$PFXOutputPath\$Computer.pfx" .......and you needed to included the modifier "ExtendedProperties" – john.trussell Feb 27 '20 at 17:52
  • certutil -p $Password -exportPFX "$Computer.$DomainDNSName" "$PFXOutputPath\$Computer.pfx" ExtendedProperties – trashrobber Feb 27 '20 at 22:02