19

I'm trying to get the thumbprint of a password protected pfx file using this code:

function Get-CertificateThumbprint {
    # 
    # This will return a certificate thumbprint, null if the file isn't found or throw an exception.
    #

    param (
        [parameter(Mandatory = $true)][string] $CertificatePath,
        [parameter(Mandatory = $false)][string] $CertificatePassword
    )

    try {
        if (!(Test-Path $CertificatePath)) {
            return $null;
        }

        if ($CertificatePassword) {
            $sSecStrPassword = ConvertTo-SecureString -String $CertificatePassword -Force -AsPlainText
        }

        $certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
        $certificateObject.Import($CertificatePath, $sSecStrPassword);

        return $certificateObject.Thumbprint
    } catch [Exception] {
        # 
        # Catch accounts already added.
        throw $_;
    }
}

When I run it, I get this error:

Cannot find an overload for "Import" and the argument count: "2".
At C:\temp\test.ps1:36 char:9
+         $certificateObject.Import($CertificatePath, $sSecStrPassword);
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Can someone please help me sort this out?

Thanks All. :-)

flipcode

7 Answers

46

According to this SuperUser response, in PS 3.0 there is a Get-PfxCertificate command to do that:

 Get-PfxCertificate -FilePath Certificate.pfx 
Nikita R.
  • 1
    Example from Microsoft: PS C:\> Get-PfxCertificate -FilePath "C:\windows\system32\Test.pfx" – niklasolsn May 19 '17 at 11:53
  • 5
    Get-PfxCertificate does not have a password parameter. See the answer of kyorilys if you need to import a certificate in non-interactive mode. – Der_Meister Sep 18 '17 at 17:10
19

You can do this

$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificateObject.Import($CertificatePath, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
return $certificateObject.Thumbprint

Remember to set these two variables: $CertificatePath and $sSecStrPassword

kyorilys
  • 1
    On new versions you should use $certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertificatePath, $sSecStrPassword) – Dinirex Sep 23 '20 at 07:24
4

The PowerShell error message is right. There are no overloads that take two parameters. Based on the parameters you are using I think you want the overload that requires a third parameter - an enum - X509KeyStorageFlags e.g.

$certificateObject.Import($CertificatePath, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
Keith Hill
2

Here is what I have used to read the thumbprint of a certificate in a file without importing the file on Windows PowerShell 5.1:

$Thumbprint = (Get-PfxData -Password $MyPFXCertificatePwdSecureString -FilePath $CertificateFilePath).EndEntityCertificates.Thumbprint

More information about Get-PfxData can be found here: https://docs.microsoft.com/en-us/powershell/module/pkiclient/get-pfxdata

peinearydevelopment
Shaun
1

FYI, looks like Get-PfxCertificate will add the ability to pass a password in PowerShell 6.0.

https://github.com/PowerShell/PowerShell-Docs/issues/2150

CBO
1

Thanks to this answer: Is there a command line utility to extract the certificate thumbprint? I was able to work out the following one-liner that works great:

    $thumbprint = (certutil -split -dump .\cert.pfx | findstr /c:"Cert Hash(sha1)").Substring(17)[-1]

If the PFX is password protected,

    $thumbprint = (certutil -split -p the_secret_password_to_my_pfx -dump .\cert.pfx | findstr /c:"Cert Hash(sha1)").Substring(17)[-1]

Technically, it's not pure PowerShell, as it invokes certutil.exe, but that should be on every Windows system, so it works.

James
0

If you get a path error in PowerShell, use the script below:

$sSecStrPassword = "Come up with something secure!";
$FilePath = "c:\a\"
$FileName = "mycert"
$FileType = ".pfx"
$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$certificateObject.Import($FilePath+$FileName+$FileType, $sSecStrPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
return $certificateObject.Thumbprint
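
A reworked form of the question's function, added here as an example and not code from the question or any of the answers: it takes the password as a SecureString, resolves the path before handing it to .NET, and uses the three-argument X509Certificate2 constructor mentioned in the comments above. The name Get-PfxThumbprint, its parameter names and the .\cert.pfx path in the usage comment are hypothetical.

```powershell
function Get-PfxThumbprint {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)][string] $Path,
        # Taking a SecureString avoids passing the password as a plain-text argument.
        [Parameter(Mandatory = $false)][securestring] $Password,
        # DefaultKeySet matches the answers above. On runtimes that offer it,
        # EphemeralKeySet keeps the PFX private key in memory instead of on disk.
        [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] $KeyStorageFlags = 'DefaultKeySet'
    )

    # Same contract as the original function: $null when the file is missing.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $null
    }

    # .NET resolves relative paths against the process working directory, not the
    # current PowerShell location, so hand it an absolute path.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # An empty SecureString stands in for "no password" and keeps overload
    # resolution unambiguous (a bare $null matches both string and SecureString).
    if (-not $Password) {
        $Password = New-Object System.Security.SecureString
    }

    $cert = $null
    try {
        # Constructor overload: (string fileName, SecureString password, X509KeyStorageFlags flags)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $fullPath, $Password, $KeyStorageFlags
        return $cert.Thumbprint
    }
    finally {
        # Release the certificate and its key handle once the thumbprint is read.
        if ($cert) { $cert.Dispose() }
    }
}

# Usage (assumed file name):
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Get-PfxThumbprint -Path .\cert.pfx -Password $pw
```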