how to manage / generate pfx files when using centralized certificate management RRS feed

  • Question

  • User624346371 posted

    So i've been playing around with IIS Centralized certificate management by creating some test certificates using powershell.

    Powershell commandlets (Export-pfxcertifcate) usually create a certificate and it's corresponding private key and store it directly to the certificate store. And then you export it as pfx and store it at the central location. And then the certificate "needs" to be deleted from the store.

    But this process seems counterproductive to how centralized certificate management is supposed to work so I'm wondering - how is one supposed to (in an automated fashion)

    1. 1. generate a key-pair
    2. 2. generate a csr
    3. 3. get the signed cer from CA
    4. 4. export everything to the file share where IIS centralized certificate management looks up

    without involving third party tooling and not relying on certificates being stored in the certificate store.

    Tuesday, February 23, 2021 6:39 PM

All replies

  • User1065476709 posted

    Hi krustyfied,

    how is one supposed to (in an automated fashion)

    It seems impossible in an automated fashion, have you tried any?

    Best regards,


    Wednesday, February 24, 2021 9:35 AM
  • User690216013 posted

    without involving third party tooling

    A corporation that might rely on CCS feature is probably already on a third party solution or home made system, so your assumption is not really valid.

    Wednesday, February 24, 2021 8:44 PM