Open scott1138 opened 4 years ago
Still seeing this with PowerShell 7...
I also see this with PowerShell Core 7.0.0.
Is the issue in Windows PowerShell?
This seems to be a problem with Powershell 7, I get the following results when I run a script that that use Export-PfxCertificate
Powershell Version : 7.0.0 Export-PfxCertificate: Cannot export non-exportable private key.
Powershell Version: 5.1.18362.628 No error and everything is fine.
Same issue in powershell 7.0.0
/cc @anmenaga for information
May be related to https://github.com/PowerShell/PowerShell/issues/12081
Original issues was opened in August of last year.
Since then we've added builtin WinCompat
functionality.
It may be worth trying this in a fresh recent version PS Core without using WindowsCompatibility module:
PS C:\> $PSVersionTable.PSVersion
Major Minor Patch PreReleaseLabel BuildLabel
----- ----- ----- --------------- ----------
7 1 0 preview.1
PS C:\> $cert = New-SelfSignedCertificate -Subject 'mytest' -KeyExportPolicy Exportable -CertStoreLocation Cert:\CurrentUser\My
PS C:\> $cert
PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
Thumbprint Subject EnhancedKeyUsageList
---------- ------- --------------------
8ABA70B6FAB7EEB0D6ACED618B2DC77EFF32FF1E CN=mytest {Client Authentication, Server Authentication}
PS C:\> Get-Module PKI
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 1.0 PKI {Add-CertificateEnrollmentPolicyServer, Export-Certificate, Export-PfxCertificate, Get-Ce…
PS C:\>
I get the following results whenI run a script that that use Export-PfxCertificate
Does the script first retrieves the certificate object before exporting it like in PowerShell/PowerShell#12081 ? That would explain the error.
Installed WindowsCompatibility module and imported PKI module.
Created certificate as follows:
$cert = New-SelfSignedCertificate -Subject 'test' -KeyExportPolicy Exportable -CertStoreLocation Cert:\CurrentUser\My
When exporting (and yes $pw is a securestring) I get an error that the key is not exportable: `Export-PfxCertificate -Cert $cert -Password $pw -FilePath c:\temp\test.pfx Cannot export non-exportable private key.
If I retrieve the cert by thumbprint in PS 5 and then export, it works fine: `$cert = ls 'Cert:\CurrentUser\My\FD5D219C9245E09C4EFA72110E6C03997C3CDC76' Export-PfxCertificate -Cert $cert -Password $pw -FilePath c:\temp\test.pfx
Mode LastWriteTime Length Name
-a---- 8/21/2019 11:53 AM 2630 test.pfx `
Any help would be appreciated!