I’ve been working through this recently; here’s a cert export PowerShell script I wrote which works for me. This is to export all certs in the store to pfx with the appropriate name required by IIS centralised certificate management.
You will need to set your own output folder and export secret passphrase.
edit: if you have more than one common name in a cert, a separate pfx is required for each. You’ll need to configure certify and/or the script to deal with that.
edit 2: formatting
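    # Export every certificate in LocalMachine\My that has an exportable private key
    dir Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.PrivateKey.CspKeyContainerInfo.Exportable } |
        ForEach-Object {
            # File name is the subject with "CN=" stripped, e.g. www.example.com.pfx
            $filename = "$($_.Subject).pfx"
            $filename = $filename -replace "CN=", ""
            # Replace the output folder and the 'secret' passphrase with your own
            [System.IO.File]::WriteAllBytes(
                "w:\IIS-Shared\$filename",
                ($_.Export('PFX', 'secret'))
            )
        }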
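For the multiple-name case mentioned in the first edit, one way to write a separate PFX per DNS name is sketched below. This is an added example, not part of the original post: the `$OutDir` value, the interactive passphrase prompt and the choice to skip expired certificates are assumptions, and it uses the built-in `Export-PfxCertificate` cmdlet rather than the poster's `Export()` call.

```powershell
# Added example (not the original poster's script).
# Assumptions: $OutDir is the CCS share; the passphrase is prompted for
# instead of being stored in the script; expired certificates are skipped.
$OutDir = 'w:\IIS-Shared'
$Pass   = Read-Host -Prompt 'PFX passphrase' -AsSecureString

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter |   # oldest first, so the newest cert for a name is written last
    ForEach-Object {
        $cert = $_

        # DnsNameList is added by the Cert: provider and holds the DNS names
        # found in the certificate (subject CN and SAN DNS entries).
        $names = @($cert.DnsNameList |
                   ForEach-Object { $_.Unicode } |
                   Where-Object { $_ } |
                   Sort-Object -Unique)

        if ($names.Count -eq 0) {
            Write-Warning "No DNS names in certificate $($cert.Thumbprint); skipped"
            return   # inside ForEach-Object this moves on to the next certificate
        }

        foreach ($name in $names) {
            # CCS looks files up by host name; a wildcard name such as
            # *.example.com is stored as _.example.com.pfx
            $file = Join-Path $OutDir (($name -replace '^\*', '_') + '.pfx')
            try {
                Export-PfxCertificate -Cert $cert -FilePath $file `
                    -Password $Pass -ErrorAction Stop | Out-Null
                Write-Output "Exported $($cert.Thumbprint) -> $file"
            }
            catch {
                # Typically a private key that is not marked exportable
                Write-Warning "Export failed for $($cert.Thumbprint): $($_.Exception.Message)"
                break   # no point retrying the same key for the remaining names
            }
        }
    }
```

Every PFX written this way contains the private key, so the share should be readable only by the account the web servers use for centralised certificates, and the passphrase entered here has to match the one configured there.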