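function Export-Certificates {
<#
.SYNOPSIS
    Exports certificates from a machine.

.DESCRIPTION
    Exports the selected certificate stores into one sub-folder each beneath
    exportPath ("Personal", "IA", "Root", "TrustedPeople") by calling Export-Cert
    once per store. Failures reported by Export-Cert are collected and written
    as warnings after all selected stores have been processed.

.PARAMETER exportPassword
    The password used to secure the certificate with. Required unless
    -skipPersonalCerts is supplied; it is only passed to the 'My' store export.

.PARAMETER exportPath
    The path the certificates are exported to. If no path is defined, the
    current working directory is used. The directory is created when missing.

.PARAMETER skipRootCerts
    When this flag is supplied it will skip the exporting of certificates in the 'Root' store

.PARAMETER skipPersonalCerts
    When this flag is supplied it will skip the exporting of certificates in the 'My' store

.PARAMETER skipTrustedCerts
    When this flag is supplied it will skip the exporting of certificates in the 'TrustedPeople' store

.PARAMETER skipIACerts
    When this flag is supplied it will skip the exporting of certificates in the 'CertificateAuthority' store

.OUTPUTS
    One newline string per reported export error (written with Write-Output).

.NOTES
    Security considerations:
    - exportPassword is a plain [string], so the value can end up in command
      history, transcripts and script-block logs. Prefer sourcing it from a
      secret store at the call site rather than typing it inline.
    - The "Personal" folder presumably receives password-protected exports that
      include private keys (confirm against Export-Cert). Directories created
      here inherit the parent's ACL; point exportPath at a location that only
      the operator can read and remove the exports once they have been moved.
#>
    [CmdletBinding()]
    Param(
        [parameter(Mandatory=$false)]
        [string]$exportPassword,

        [Parameter(Mandatory=$false)]
        [string]$exportPath = $PWD,

        [Parameter(Mandatory=$false)]
        [switch]$skipRootCerts,

        [Parameter(Mandatory=$false)]
        [switch]$skipPersonalCerts,

        [Parameter(Mandatory=$false)]
        [switch]$skipTrustedCerts,

        [Parameter(Mandatory=$false)]
        [switch]$skipIACerts
    )

    # A password is mandatory whenever the personal store is exported. A
    # whitespace-only value is rejected as well: it would satisfy a plain
    # truthiness check while giving the export no real protection.
    if (!$skipPersonalCerts.IsPresent -and (!$exportPassword -or !$exportPassword.Trim())) {
        throw "Export Password cannot be null"
    }

    # Skipping every store would leave nothing to do.
    if ($skipRootCerts.IsPresent -and $skipPersonalCerts.IsPresent -and $skipTrustedCerts.IsPresent -and $skipIACerts.IsPresent) {
        throw "All Skip Switches cannot be set"
    }

    if (!(Test-Path $exportPath)) {
        [System.IO.Directory]::CreateDirectory($exportPath) | Out-Null
    }

    ## Removing because of issues mocking. This shouldn't be an issue.
    # Clear-Host

    # LoadWithPartialName is an obsolete API; it returns $null rather than
    # throwing when no matching assembly is found, so this line never fails.
    [System.Reflection.Assembly]::LoadWithPartialName("System.Security.Cryptography") | Out-Null

    ## TODO: Don't just blindly set the $ErrorActionPreference
    # The assignment creates a function-scoped value, so the caller's preference
    # is left untouched unless the function is dot-sourced.
    $ErrorActionPreference = "Stop"

    [Collections.Generic.List[Alkami.Ops.Common.Exceptions.CertificateExportException]]$exportErrors = @()

    # Export-Cert is defined outside this block; it presumably returns the
    # CertificateExportException objects for certificates it could not export.
    # PowerShell unrolls returned collections, so the result may arrive as $null
    # (no errors), a single object, or an array. List.AddRange($null) throws, so
    # each result is wrapped in @() and copied item by item, skipping nulls.

    if (!($skipPersonalCerts.IsPresent)) {
        Write-Host "Exporting Personal Certs"
        $pfxExportPath = (Join-Path $exportPath "Personal")

        if (!(Test-Path $pfxExportPath)) {
            Write-Host "Creating directory at $pfxExportPath"
            [System.IO.Directory]::CreateDirectory($pfxExportPath) | Out-Null
        }

        # The password is bound positionally, exactly as the original call did.
        $errors = Export-Cert -exportPath $pfxExportPath $exportPassword -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::My)
        foreach ($item in @($errors)) {
            if ($null -ne $item) { $exportErrors.Add($item) }
        }
    }

    if (!($skipIACerts.IsPresent)) {
        Write-Host "Exporting IA Certs"
        $iaExportPath = (Join-Path $exportPath "IA")

        if (!(Test-Path $iaExportPath)) {
            [System.IO.Directory]::CreateDirectory($iaExportPath) | Out-Null
        }

        $errors = Export-Cert -exportPath $iaExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::CertificateAuthority)
        foreach ($item in @($errors)) {
            if ($null -ne $item) { $exportErrors.Add($item) }
        }
    }

    if (!($skipRootCerts.IsPresent)) {
        Write-Host "Exporting Root Certs"
        $rootExportPath = (Join-Path $exportPath "Root")

        if (!(Test-Path $rootExportPath)) {
            [System.IO.Directory]::CreateDirectory($rootExportPath) | Out-Null
        }

        $errors = Export-Cert -exportPath $rootExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::Root)
        foreach ($item in @($errors)) {
            if ($null -ne $item) { $exportErrors.Add($item) }
        }
    }

    if (!($skipTrustedCerts.IsPresent)) {
        Write-Host "Exporting Trusted Certs"
        $trustedPeopleExportPath = (Join-Path $exportPath "TrustedPeople")

        if (!(Test-Path $trustedPeopleExportPath)) {
            [System.IO.Directory]::CreateDirectory($trustedPeopleExportPath) | Out-Null
        }

        $errors = Export-Cert -exportPath $trustedPeopleExportPath -storeName ([System.Security.Cryptography.X509Certificates.StoreName]::TrustedPeople)
        foreach ($item in @($errors)) {
            if ($null -ne $item) { $exportErrors.Add($item) }
        }
    }

    # Report every collected failure. The [string] casts turn a $null property
    # into an empty string so a sparsely populated exception cannot abort the
    # report with a null-method-call error under ErrorActionPreference = Stop.
    foreach ($exportError in $exportErrors) {
        [Alkami.Ops.Common.Exceptions.CertificateExportException]$strongError = $exportError

        Write-Warning ("{0}" -f $strongError.Message)
        Write-Warning ("`tError: {0}" -f ([string]$strongError.BaseExceptionMessage).TrimEnd())
        Write-Warning ("`tName: {0}" -f $strongError.CertificateName)
        Write-Warning ("`tThumbprint: {0}" -f $strongError.CertificateThumbPrint)
        Write-Warning ("`tSubject: {0}" -f ([string]$strongError.Subject).Trim())
        Write-Output `n
    }
}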