Click here to Skip to main content
15,616,341 members
Articles / Hosted Services / Storage
Technical Blog
Posted 21 Feb 2022


1 bookmarked

How to Copy the Certificate with PowerShell Core

Rate me:
Please Sign up or sign in to vote.
0.00/5 (No votes)
21 Feb 2022CPOL2 min read
PowerShell script which copies certificate to another storage
In this post, you will find a description of a PowerShell script that copies a certificate from one certificate store to another.


In this post, I’d like to describe the PowerShell script which copies the certificate from one certificate store to another. I created this script to duplicate a result of dotnet dev-certs https --trust command, but in unattended mode. In addition, it could be used for other automation tasks.


Solution uses PowerShell 7.1.4.


There is a listing of the script copy-certificate.ps1:

param (
    # certificate name
    [Parameter(Mandatory = $true, Position = 0)]

    # source store location, could be local or remote computer
    [Parameter(Mandatory = $false)]
    [string]$SourceStoreLocation = 'CurrentUser',

    # source store name
    [Parameter(Mandatory = $false)]
    [string]$SourceStoreName = 'My',

    # target store location, could be local or remote computer
    [Parameter(Mandatory = $false)]
    [string]$TargetStoreLocation = 'LocalMachine',

    # target store name
    [Parameter(Mandatory = $false)]
    [string]$TargetStoreName = 'Root'

# get the certificate from the source store
$Path = "cert:\$($SourceStoreLocation)\$($SourceStoreName)";
$Certificate = `
    Get-ChildItem -Path $Path -Recurse | `
    Where-Object { $_.FriendlyName -like $CertificateName };
if ((-not $?) -or ($null -eq $Certificate)) {
    Write-Error "Certificate is not found '$CertificateName'";
else {
    Write-Verbose "Get certificate, thumbrint=$($Certificate.Thumbprint)";

# open the target certificate store
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList $TargetStoreName, $TargetStoreLocation;
# another way to get the same certificate store
# $StoreName = "cert:\$($TargetStoreLocation)\$($TargetStoreName)";
# $CertStore = Get-Item $StoreName
# $CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
if ((-not $?) -or ($null -eq $CertStore)) {
    Write-Error 'Certificate store is not opened';
else {
    Write-Verbose 'Certificate store is opened';
if (-not $?) {
    Write-Error 'Certificate was not added';
else {    
    Write-Host "Certificate '$CertificateName' is added to the store 
    'cert:\$($TargetStoreLocation)\$($TargetStoreName)'" -ForegroundColor Blue;

The script gets the certificate by its name from the store, opens the target certificate store and puts obtained certificate.

According to the mentioned steps, the certificate is obtained from the certificate store at lines 24-27, where the certificate name, the store location and the store name are set by parameters. These parameters could be wrong or a certificate could not be found, so result is checked for nullity.

The script tries to open the target certificate store at lines 37-39. Let’s note that this operation requires Administrative privileges when TargetStoreLocation parameter equals LocalMachine or remote computer’s name. If TargetStoreLocation parameter equals CurrentUser, the script could be run under user’s privilegies. Another way to get the same certificate store is written but commented at lines 40-43.

If the certificate is found and the target certificate store is opened successfully, the certificate is put to the store at lines 51-52.

Also, as was mentioned at excerpt, this script could be used to implement dotnet dev-certs https --trust command. Based on the discussion, the script copy-certificate.example.ps1 calls the script copy-certificate.ps1 to copy the certificate with the name ASP.NET Core HTTPS development certificate from the personal user’s store to local machine’s Trusted root certification authorities store.

$CertificateName = 'ASP.NET Core HTTPS development certificate';

.\copy-certificate.ps1 `
    $CertificateName `
    -SourceStoreLocation 'CurrentUser' `
    -SourceStoreName 'My' `
    -TargetStoreLocation 'LocalMachine' `
    -TargetStoreName 'Root' `

1. All used IP-addresses, names of servers, workstations, domains, are fictional and are used exclusively as a demonstration only.
2. Information is provided «AS IS».


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By
Software Developer (Senior)
Ukraine Ukraine
• Have more than 25 years of the architecting, implementing, and supporting various applications from small desktop and web utilities up to full-fledged cloud SaaS systems using mainly Microsoft technology stack and implementing the best practices.
• Have significant experience in the architecting applications starting from the scratch and from the existent application (aka “legacy”) where it is required to review, refactor, optimise the codebase and data structure, migrate to new technologies, implement new features, best practices, create tests and write documentation.
• Have experience in project management, collecting business requirements, creating MVP, working with stakeholders and end users, and tasks and backlog management.
• Have hands-on experience in the setting up CI/CD pipelines, the deploying on-premise and cloud systems both in Azure and AWS, support several environments.
• As Mathematician, I interested much in the theory of automata and computer algebra.

Comments and Discussions

-- There are no messages in this forum --