AAD - Certificates - How-To - Import signed certificate
Prerequisites
- Ensure the signed certificate file is on, or accessible from, the system where the original certificate request was created. The private key generated with that request normally exists only on that system, so the signed certificate has to be imported there to be paired with it.
Install the signed certificate
Sign in to the computer where the certificate was originally requested, then start an administrative PowerShell session.
Complete any remaining instructions in this PowerShell session unless directed otherwise
Run the following commands to define the certificate to be imported:
$path_cer = Read-Host -Prompt "Provide the path to the certificate file"
$name_cer = Read-Host -Prompt "Provide the name of the certificate file"
Run the following commands to verify the certificate to be imported. Compare the thumbprint, subject, issuer and validity dates with what the CA reported before importing anything:
# Newest file whose name matches; -Match is a regular-expression match, so check the result
$file_cer = Get-ChildItem -Path $path_cer | Where-Object { $_.Name -Match $name_cer } | Sort-Object -Property LastWriteTime | Select-Object -Last 1
# Load the file only; nothing is written to a store yet. HasPrivateKey is always False for a file
$test_cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file_cer.FullName)
$test_cer | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
Run the following commands to import the certificate:
By default, Import-Certificate imports into the certificate store of the current user (Cert:\CurrentUser\My). The certificate store of the computer is selected with the CertStoreLocation parameter and the value Cert:\LocalMachine\My, which is where a request created for the computer account keeps its private key. After the import, HasPrivateKey must be True. False means the certificate was placed in the store without being paired to the key from the original request (wrong file, wrong computer or wrong store), and services cannot use it until that is fixed; certutil -repairstore my <thumbprint> re-links a key that still exists on the computer.
$cert_folder = 'Cert:\LocalMachine\My'
$cert_object = Import-Certificate -FilePath $file_cer.FullName -CertStoreLocation $cert_folder
# HasPrivateKey should now be True; the file-based check above always shows False
$cert_object | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
Update the certificate
Run the following commands to replace the certificate:
The commands below are optional. Switch-Certificate records the new certificate as the replacement for the old one and raises a certificate-replacement notification. Only applications that subscribe to those notifications react; anything that binds a certificate by thumbprint (a service or web-site binding, for example) keeps using the old certificate until its configuration is updated.
# @() keeps Count meaningful when zero or one certificate matches
$cert_match = @(Get-ChildItem -Path $cert_folder |
    Where-Object { $_.Subject -eq $cert_object.Subject -and $_.Issuer -eq $cert_object.Issuer } |
    Sort-Object -Property NotBefore -Descending)
# Sorted newest first: [0] is the certificate just imported, [1] the one it replaces
If ($cert_match.Count -eq 2) {
    Try {
        Switch-Certificate -OldCert $cert_match[1] -NewCert $cert_match[0]
        Write-Host "Switch certificate completed."
    } Catch {
        Write-Host "Error replacing certificate: $_"
    }
}
If ($cert_match.Count -gt 2) {
    Write-Host "Too many matching certificates; reduce the matching certificate count to 2"
    $cert_match | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
}
If ($cert_match.Count -lt 2) {
    Write-Host "Only one matching certificate; review certificates and service config"
    $cert_match | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
}
Run the following commands to remove the previous certificate. Removal is not reversible, so keep the old certificate (or an export of it) until the new one is confirmed working. Remove-Item leaves the old private key on the computer unless -DeleteKey is added:
# Remove the older certificate only if the switch happened and it is still in the store
If ($cert_match.Count -eq 2 -and (Test-Path -Path $cert_match[1].PSPath)) {
    Try { Remove-Item -Path $cert_match[1].PSPath } Catch { Write-Host "Error removing certificate: $_" }
}
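The whole procedure above, consolidated into one function. This is an added example and not code from the original page or from any product it describes. It assumes, hypothetically, that the request was created on this computer with certreq -new, so the pending request and its public key are in Cert:\LocalMachine\REQUEST, and that the CA reported the new certificate's thumbprint out of band; the function name Install-SignedCertificate and its parameters are inventions of this example. It adds three checks the page does not make: the file is pinned to the thumbprint the CA reported, the certificate's public key is matched against a pending request before anything is written to a store, and the private-key pairing is verified by re-reading the store after the import.

```powershell
# Added example, not part of the original how-to.
# Assumptions (hypothetical): request generated on this computer with certreq -new
# (pending request in Cert:\LocalMachine\REQUEST); signed certificate is a .cer file
# (DER or PEM); the PKI module (Import-Certificate, Switch-Certificate) is present.
# Run from an administrative PowerShell session.
function Install-SignedCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $CertFile,
        [string] $StoreLocation = 'Cert:\LocalMachine\My',
        [string] $RequestStore  = 'Cert:\LocalMachine\REQUEST',
        [string] $ExpectedThumbprint,   # thumbprint the CA reported out of band, if any
        [switch] $RemoveOld
    )

    $path = (Resolve-Path -Path $CertFile).Path
    $new  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

    # 1. Pin the file to the thumbprint the CA reported (colons and spaces tolerated).
    if ($ExpectedThumbprint) {
        $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        if ($new.Thumbprint -ne $expected) {
            throw "Thumbprint $($new.Thumbprint) does not match expected $expected"
        }
    }

    # 2. The CA must have signed this computer's key: the certificate's public key has to
    #    match a pending request. A mismatch means the wrong file or the wrong computer.
    $newKey  = [Convert]::ToBase64String($new.PublicKey.EncodedKeyValue.RawData)
    $pending = Get-ChildItem -Path $RequestStore -ErrorAction SilentlyContinue |
        Where-Object { [Convert]::ToBase64String($_.PublicKey.EncodedKeyValue.RawData) -eq $newKey }
    if (-not $pending) {
        throw "No pending request in $RequestStore carries the public key found in $path"
    }

    # 3. Validity window and chain, checked before the store is modified.
    $now = Get-Date
    if ($new.NotAfter -lt $now) { throw "Certificate expired on $($new.NotAfter)" }
    if ($new.NotBefore -gt $now) { Write-Warning "Certificate is not valid until $($new.NotBefore)" }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline import; consumers check revocation
    if (-not $chain.Build($new)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Write-Warning "Chain does not build to a trusted root on this computer: $status"
    }

    if (-not $PSCmdlet.ShouldProcess($StoreLocation, "Import $($new.Subject) [$($new.Thumbprint)]")) {
        return
    }

    # 4. Import, then re-read from the store so HasPrivateKey reflects the store, not the file.
    Import-Certificate -FilePath $path -CertStoreLocation $StoreLocation | Out-Null
    $installed = Get-ChildItem -Path $StoreLocation | Where-Object { $_.Thumbprint -eq $new.Thumbprint }
    if (-not $installed.HasPrivateKey) {
        Write-Warning "No private key paired with $($installed.Thumbprint); try: certutil -repairstore my $($installed.Thumbprint)"
    }

    # 5. Replace the previous certificate with the same subject and issuer, if exactly one exists.
    $old = @(Get-ChildItem -Path $StoreLocation |
        Where-Object { $_.Subject -eq $installed.Subject -and $_.Issuer -eq $installed.Issuer -and
                       $_.Thumbprint -ne $installed.Thumbprint })
    switch ($old.Count) {
        0 { Write-Verbose "No previous certificate to replace" }
        1 {
            Switch-Certificate -OldCert $old[0] -NewCert $installed
            # Old certificate and its key stay in place unless removal is requested explicitly
            if ($RemoveOld -and (Test-Path -Path $old[0].PSPath)) { Remove-Item -Path $old[0].PSPath }
        }
        default {
            Write-Warning "$($old.Count) older certificates match; review them and switch manually"
            $old | Format-Table Thumbprint, HasPrivateKey, NotBefore, NotAfter | Out-Host
        }
    }
    $installed | Select-Object Thumbprint, HasPrivateKey, NotBefore, NotAfter, Subject, Issuer
}

# Dry run first (nothing is written), then the real import:
# Install-SignedCertificate -CertFile C:\certs\web01.cer -ExpectedThumbprint '<thumbprint reported by the CA>' -WhatIf
# Install-SignedCertificate -CertFile C:\certs\web01.cer -ExpectedThumbprint '<thumbprint reported by the CA>' -RemoveOld
```

The public-key comparison in step 2 is the check that matters most: a certificate that imports cleanly but was issued for a different key (or a different host) would show HasPrivateKey False only after the store had already been changed. The chain check is a warning rather than an error because an internal CA's root may legitimately be distributed to this computer in a later step.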