Install a PFX Certificate Using PowerShell

  1. PFX Certificates Overview
  2. Import PFX Certificates Using PowerShell
Install a PFX Certificate Using PowerShell

The Microsoft Windows operating-based machine accepts multiple kinds of certificates that cater to foreign securities and functions in its kernel. One example is the Personal Exchange Format or the PFX certificate, mainly used for authorization.

This article will discuss PFX certificates and how we can import them into our local and remote machines using PowerShell.

PFX Certificates Overview

A certificate in PKCS#12 (Public Key Cryptography Standards) format is represented by a PFX file. It includes the certificate, the intermediate authority certificate required for its validity, and the certificate’s private key.

Consider it an archive that contains all the information required to deploy a certificate.

Our machine, primarily referred to as the Public Key Infrastructure or PKI Client, can import these kinds of certificates, and we will show you how to do it using PowerShell in the next section of the article.

Import PFX Certificates Using PowerShell

To start importing PFX certificates into our PKI client, we should follow a few prerequisites to ensure that we can use the required module and commands properly in our machine.

  1. A Windows Operating System Build Number 9600 and up

    • Workstation: Windows 8.1 and up
    • Server: Windows Server 2012 R2 and up
  2. PowerShell version 4 and up

If we have met the requirements above, we should have the command Import-PfxCertificate cmdlet in our library, ready to use. Verify it with the following code below.

Example Code:

Get-Command Import-PfxCertificate


CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Import-PfxCertificate                        PKI

The output of the command should not yield an error. Thus, we will not be able to proceed with automating our certificate imports.

The Import-PfxCertificate is part of the PKI module as previously verified under the Source column.

In this article, we will pay more attention to the Import-PfxCertificate command, but if we are interested in the entire PKI suite, we can run the command below to find out more.

Get-Command -Module PKI

Now, we can import our PFX certificate by supplying the following values to our script:

  1. Source path of the certificate
  2. Destination certificate or the certificate store
  3. Password key that we will convert into a secure string object

Run the following code snippet below, and edit the parameter values that are accustomed to your scenario:

Import-PfxCertificate FilePath C:\Certs\test.pfx cert:\local\my -Password (ConvertTo-SecureString -String "secret" -Force AsPlainText)

Import PFX Certificate on a Remote Machine

We can improve our previous snippet of code to import certificates remotely without logging in to the machine by adding the Invoke-Command cmdlet. Then, the only requirement is to fill in the -ComputerName parameter with the remote computer or server’s hostname.

After which, enclose our previous command with braces as a value of the -ScriptBlock parameter.

Invoke-command -ComputerName remote01 -ScriptBlock
    Import-PfxCertificate FilePath C:\Certs\test.pfx cert:\local\my -Password (ConvertTo-SecureString -String "secret" -Force AsPlainText)
Marion Paul Kenneth Mendoza avatar Marion Paul Kenneth Mendoza avatar

Marion specializes in anything Microsoft-related and always tries to work and apply code in an IT infrastructure.