Sign in to the computer where the certificate was originally requested, then start an administrative PowerShell session.
Complete all remaining instructions in this PowerShell session unless directed otherwise.
Run the following commands to define the certificate to be imported:
$path_cer = Read-Host -Prompt "Provide the path to the certificate file"
$name_cer = Read-Host -Prompt "Provide the name of the certificate file"
Run the following commands to verify the certificate to be imported:
$file_cer = Get-ChildItem -Path $path_cer | Where-Object { $_.Name -Match $name_cer } | Sort-Object -Property LastWriteTime | Select-Object -Last 1
$test_cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file_cer.FullName)
$test_cer | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
Run the following commands to import the certificate:
The Import-Certificate command imports certificates into the certificate store of the current user. To import into the certificate store of the computer instead, set the "CertStoreLocation" parameter to Cert:\LocalMachine\My.
$cert_folder = 'Cert:\LocalMachine\My'
$cert_object = Import-Certificate -FilePath $file_cer.FullName -CertStoreLocation $cert_folder
$cert_object | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
Run the following commands to replace the certificate:
The commands below are optional and will alert most Windows applications that an old certificate has been replaced by a new one. Only applications that subscribe to certificate notifications will be affected by these commands.
$cert_match = Get-ChildItem -Path $cert_folder | Where-Object {$_.Subject -eq $cert_object.Subject -and $_.Issuer -eq $cert_object.Issuer } | Sort-Object -Property NotBefore -Descending
If ($cert_match.Count -eq 2) { Try { Switch-Certificate -OldCert $cert_match[1] -NewCert $cert_match[0] -ErrorAction Stop } Catch { Write-Host "Error replacing certificate" } }
If ($cert_match.Count -gt 2) { Write-Host "Too many matching certificates; reduce matching certificate count to 2"; $cert_match | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer }
If ($cert_match.Count -lt 2) { Write-Host "Only one matching certificate; review certificates and service config"; $cert_match | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer }
Run the following commands to remove the previous certificate:
If ($cert_match.Count -eq 2) { Try { Remove-Item -LiteralPath $cert_match[1].PSPath -ErrorAction Stop } Catch { Write-Host "Error removing certificate" } }
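The procedure above prints Thumbprint, HasPrivateKey and the validity dates but leaves the judgement to the operator. The following added example (not part of the original procedure) turns those values into explicit checks to run after $cert_match is defined and before the Switch-Certificate and Remove-Item commands. The function name Test-CertReplacement and its parameter names are assumptions made for this example; it reuses the page's $cert_object and $cert_match variables.

```powershell
# Added example. Test-CertReplacement is a hypothetical helper, not a built-in cmdlet.
function Test-CertReplacement {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$NewCert,
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Candidates
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # HasPrivateKey is False when no key is associated with this certificate.
    if (-not $NewCert.HasPrivateKey) {
        $problems.Add('New certificate has no associated private key')
    }
    if ($now -lt $NewCert.NotBefore -or $now -gt $NewCert.NotAfter) {
        $problems.Add("New certificate is outside its validity period ($($NewCert.NotBefore) to $($NewCert.NotAfter))")
    }

    # Build the chain with the default policy (which includes revocation
    # checking) and report every failed status element.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($NewCert)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems.Add("Certificate chain did not validate: $status")
    }

    # Index [1] is only the old certificate if the newest match is the import.
    $list = @($Candidates | Where-Object { $_ } | Sort-Object -Property NotBefore -Descending)
    if ($list.Count -ne 2) {
        $problems.Add("Expected 2 matching certificates, found $($list.Count)")
    } elseif ($list[0].Thumbprint -ne $NewCert.Thumbprint) {
        $problems.Add('Newest matching certificate is not the one just imported')
    } elseif ($list[1].NotAfter -gt $list[0].NotAfter) {
        $problems.Add('Certificate selected for removal expires later than the new one')
    }
    return $problems
}

# Usage with the variables defined by the steps on this page.
if ($cert_object) {
    $issues = @(Test-CertReplacement -NewCert $cert_object -Candidates $cert_match)
    if ($issues.Count -gt 0) { $issues | ForEach-Object { Write-Warning $_ } }
    else { Write-Host 'Checks passed' }
}
```

Any warning means the old certificate should stay in place until the cause is understood, since removing it is the one step in the procedure that cannot be undone from the .cer file alone.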