Script to export PFX with Password?

I’ve been using a post-deployment script for a long time to export a separate PFX file with a password for a secondary application. Sometime in the past year or so, the script started throwing tons of errors (in the second line)… but it somehow still generates the certificate so I haven’t bothered to fix it much. I’m not really an expert on Powershell though, and I’m wondering if anyone knows a better way to do this? For what it’s worth I do know that you can add a password to the main certificate and then just copy that elsewhere, but that main certificate password broke some of my other integrations.

$pfx = get-pfxcertificate -filepath $result.ManagedItem.CertificatePath
certutil -f -p Password -exportpfx $pfx.SerialNumber "C:\Users\xxxx\AppData\Roaming\xxxxxxxxxxxxxx\Certificate.pfx"

Errors that I get are all related to certutil: ERROR_NO_TOKEN, ERROR_INVALID_PARAMETER, etc.

The latest version of Certify The Web has a preview option (Setting >UI > Custom PFX Password, then relaunch the UI). You can then specify a custom PFX password in Certificate > Advanced > Signing and Security. From then on that certificate (when renewed or re-requested) will have the specified password on the PFX. You can then use a Deployment Task to copy the PFX to where you need it for the other application (e.g. Deploy to CCS is just a simple file copy and the cert is named after the primary domain) , or you can use a script.

I get that but I use the certificate for multiple applications, some of which it won’t work for me to have the password on the original certificate - I just want the exported one to have the password.

Ah well, I guess I’ll just ignore the errors since my script still seems to be working otherwise.

A workaround for that could be (?) to just have two managed certificates (with same domains), one with no password (default) and the other with. I haven’t tried that recently but I think it should work fine.