Skip to content

Commit b9882df

Browse files
msmbaldwinmsmbaldwin
committed
Updates
1 parent 564cab1 commit b9882df

File tree

1 file changed

+12
-14
lines changed

1 file changed

+12
-14
lines changed

articles/key-vault/certificates/how-to-export-certificate.md

Lines changed: 12 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -79,25 +79,23 @@ For more information, see [parameter definitions](/cli/azure/keyvault/secret#az-
7979
Use this command in Azure PowerShell to get the certificate named **TestCert01** from the key vault named **ContosoKV01**. To download the certificate as a PFX file, run following command. These commands access **SecretId**, and then save the content as a PFX file.
8080

8181
```azurepowershell
82-
$cert = Get-AzKeyVaultCertificate -VaultName "ContosoKV01" -Name "TestCert01"
83-
$secret = Get-AzKeyVaultSecret -VaultName "ContosoKV01" -Name $cert.Name
84-
$secretValueText = '';
85-
$ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secret.SecretValue)
86-
try {
87-
$secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)
88-
} finally {
89-
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
90-
}
91-
$secretByte = [Convert]::FromBase64String($secretValueText)
92-
$x509Cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($secretByte,'','Exportable,PersistKeySet')
93-
$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
94-
$pfxFileByte = $x509Cert.Export($type, $password)
82+
$vaultName = '<YourVault>'
83+
$certificateName = '<YourCert>'
84+
$password = '<YourPwd>'
85+
86+
$pfxSecret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $certificateName -AsPlainText
87+
$secretByte = [Convert]::FromBase64String($pfxSecret)
88+
$x509Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2
89+
$x509Cert.Import($secretByte, $null, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
90+
$pfxFileByte = $x509Cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $password)
9591
9692
# Write to a file
97-
[System.IO.File]::WriteAllBytes("KeyVault.pfx", $pfxFileByte)
93+
[IO.File]::WriteAllBytes("KeyVaultcertificate.pfx", $pfxFileByte)
94+
9895
```
9996

10097
This command exports the entire chain of certificates with private key (i.e. the same as it was imported). The certificate is password protected.
98+
10199
For more information on the **Get-AzKeyVaultCertificate** command and parameters, see [Get-AzKeyVaultCertificate - Example 2](/powershell/module/az.keyvault/Get-AzKeyVaultCertificate).
102100

103101
# [Portal](#tab/azure-portal)

0 commit comments

Comments
 (0)