Hi all,
This script exports every certificate that has an exportable private key. If you receive 'Key Not Valid for use in specified state' it means that the key is not exportable. This is useful in a pentest to show clients that their SSL/TLS certificates are only as strong as the protection you provide on them.
Open PowerShell as administrator, then run the following script.
#Change location to the certificate store
sl cert:
#Get all certificates that have a private key associated with them
gci -Recurse | where {$_.hasprivatekey -eq $true} |
#For each result with a private key, write the output to the c:\temp directory
#(which must already exist) with the password of 'password'.
Foreach-Object { [system.IO.file]::WriteAllBytes(
    "c:\temp\$($_.thumbprint).pfx",
    ($_.Export('PFX', 'password')) ) }
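
For the defensive side of the same check, the following added example (not part of the original post) reports which private keys are marked exportable without writing any PFX files. It assumes Windows with .NET Framework 4.6+ or PowerShell 7, inspects RSA keys only, and the function name Get-KeyExportability and the output column names are my own.

```powershell
# Added example: audit private-key exportability across all certificate stores.
# Nothing is exported; only the export policy of each key is read.
function Get-KeyExportability {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    try {
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($null -eq $key) { return 'Unknown (non-RSA key)' }
        if ($key -is [System.Security.Cryptography.RSACng]) {
            # CNG key: the export policy is a flags enum on the key object
            $allow = [System.Security.Cryptography.CngExportPolicies]::AllowExport
            return $key.Key.ExportPolicy.HasFlag($allow)
        }
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: exportability is a property of the key container
            return $key.CspKeyContainerInfo.Exportable
        }
        return 'Unknown (unrecognised key type)'
    } catch {
        # For example, the key material is missing or the caller cannot read it
        return "Unreadable: $($_.Exception.Message)"
    }
}

Get-ChildItem -Path Cert:\ -Recurse |
    # -Recurse also returns store and location objects, so keep certificates only
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.HasPrivateKey
    } |
    ForEach-Object {
        [pscustomobject]@{
            Store      = $_.PSParentPath -replace '^.*::', ''
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Exportable = Get-KeyExportability -Cert $_
        }
    } |
    Sort-Object Store, Subject |
    Format-Table -AutoSize -Wrap
```

Rows showing True in the Exportable column are the certificates the script above would be able to write out as PFX files.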