How to export certificate to PFX format
Sitecore 9 uses SSL certificates to secure communication with xConnect and Solr.
The Sitecore Fundamentals module has a task that generates a self-signed certificate and exports it to a .crt file. Each installation package contains a file named xconnect-createcert.json, which can be used to generate a self-signed certificate and install it on the local system.
#create and install certificate for Solr
$certParams = @{
Path = "C:\xconnect-createcert.json"
CertificateName = "solr.local"
}
Install-SitecoreConfiguration @certParams -Verbose
The output from the execution of xconnect-createcert.json is the following:
What if you want to export the certificate to PFX format? You can put this code somewhere between certificate generation and certificate usage:
$solrHost = "solr.local"
$password = "secret"
$certificateStore = "C:\Solr6.6.2\server\etc\solr-ssl.keystore.pfx"
# Find the certificate by its friendly name
$cert = Get-ChildItem Cert:\LocalMachine\Root | where FriendlyName -eq "$solrHost"
# Export-PfxCertificate expects the password as a SecureString
$certPwd = ConvertTo-SecureString -String $password -Force -AsPlainText
$cert | Export-PfxCertificate -FilePath $certificateStore -Password $certPwd | Out-Null
You can also convert this code into a SIF task.
First, we need to define the parameters for our script:
"Parameters": {
// Example of CertStoreLocation: Cert:\LocalMachine\My
"CertStoreLocation": {
"Type": "String",
"Description" : "Specifies the path of the store from which certificates will be exported."
},
// Property and Value are used to choose the certificate from CertStoreLocation.
// By default FriendlyName is used to find the certificate to export,
// but you can specify another property available on the certificate, e.g. Subject
"Property": {
"Type": "String",
"DefaultValue" : "FriendlyName"
},
"Value": {
"Type": "String"
},
"PfxFile": {
"Type": "String",
"Description" : "Specifies the path for the PFX file."
},
"CertPassword": {
"Type": "String",
"Description" : "Specifies the password for the exported PFX file."
}
}
Next, we have to create a one-liner script. This script:
- finds the matching certificate in the provided certificate store
- exports the certificate to a file and encrypts it with the provided password
Note that the script is flexible thanks to the where $Property -eq $Value filter. You can use any certificate property to find the right certificate. By default FriendlyName is used, but you can, for example, use Thumbprint, Subject or other properties available on the certificate object.
Get-ChildItem $CertStoreLocation | where $Property -eq $Value | Export-PfxCertificate -FilePath $PfxFile -Password (ConvertTo-SecureString -String $CertPassword -Force -AsPlainText) | Out-Null
Now, let's wrap the script up as a SIF task:
"Tasks": {
"Export-Certificate": {
"Type": "ScriptBlock",
"Params": {
"Script": "PARAM($CertStoreLocation,$Property,$Value,$PfxFile,$CertPassword) Get-ChildItem $CertStoreLocation | where $Property -eq $Value | Export-PfxCertificate -FilePath $PfxFile -Password (ConvertTo-SecureString -String $CertPassword -Force -AsPlainText) | Out-Null",
"Arguments": [ "[parameter('CertStoreLocation')]", "[parameter('Property')]", "[parameter('Value')]", "[parameter('PfxFile')]", "[parameter('CertPassword')]" ]
}
}
}
The JSON file, ready to download and use, is available here: export-pfxcertificate.json
Configure the script and use it as in the example below:
Import-Module SitecoreInstallFramework
$exportParams = @{
Path = "C:\export-pfxcertificate.json"
PfxFile = "C:\exported.pfx"
CertPassword = "secret"
CertStoreLocation = "Cert:\LocalMachine\My"
Value = "solr.local"
}
Install-SitecoreConfiguration @exportParams -Verbose
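An added example (not from the original page or from the Sitecore Install Framework) of the same export with the failure modes of a property filter handled: it exports only when exactly one certificate matches and has a private key, takes the password as a SecureString, and re-opens the PFX to confirm its contents. The function name Export-SinglePfxCertificate is hypothetical; Get-PfxData comes from the same Windows PKI module as Export-PfxCertificate.

```powershell
# Added example; Export-SinglePfxCertificate is a hypothetical helper name.
function Export-SinglePfxCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $CertStoreLocation,
        [string] $Property = 'FriendlyName',
        [Parameter(Mandatory)] [string] $Value,
        [Parameter(Mandatory)] [string] $PfxFile,
        # SecureString keeps the password out of the script text.
        [Parameter(Mandatory)] [securestring] $CertPassword
    )

    # Same selection rule as the one-liner: <Property> -eq <Value>.
    $found = @(Get-ChildItem -Path $CertStoreLocation |
        Where-Object { $_.$Property -eq $Value })

    # A FriendlyName or Subject filter can match zero or several certificates.
    if ($found.Count -ne 1) {
        throw "Expected exactly 1 certificate where $Property = '$Value', found $($found.Count)."
    }
    $cert = $found[0]

    # A keystore needs the private key; check before exporting.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key in $CertStoreLocation."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }

    $cert | Export-PfxCertificate -FilePath $PfxFile -Password $CertPassword | Out-Null

    # Re-open the file with the same password to confirm what was written.
    $pfx = Get-PfxData -FilePath $PfxFile -Password $CertPassword
    if ($pfx.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
        throw "Exported PFX does not contain certificate $($cert.Thumbprint)."
    }
    return $cert.Thumbprint
}

# Usage with the values from the page; the password is typed at the prompt.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-SinglePfxCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Value 'solr.local' -PfxFile 'C:\exported.pfx' -CertPassword $pfxPassword
```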