Creating concatenated certificate container files using Windows PowerShell

I was recently enabling SSL on a web application which required the certificate file to be provided as a concatenated certificate container file containing all SSL certificates in the chain.

The method to perform the above is relatively simple and just requires each certificate in the chain to be opened in a text editor and the content to be combined into a single file.

Whilst this is relatively simple, I decided to use Windows PowerShell and create an advanced function to achieve the above.

Firstly, we need to specify the certificate files to combine into a container file, in the correct order of the certificate path. For example, if you open the SSL certificate and view the certification path, the certificate files you specify should be in ascending order. Optionally, some scenarios also require the private key to be specified; in this case it should be the first file specified. By default, the container file is created in the user's profile folder in PEM format, but you may specify an alternative location and/or file extension.

[Parameter(Mandatory=$true)][ValidateScript({Get-Item $_})][String[]] $Certificates,
[String] $Output = ([Environment]::GetEnvironmentVariable("UserProfile")) + "\container_file.pem"

Once we have the list of certificates to combine into a container file in the correct order, we retrieve (Get-Content) the content of each certificate file and add the content (Add-Content) to the container file. When I reference the content of a certificate file, I mean the body of each file, including the begin and end tags, as below.

Process {
    Try {
        # Retrieves and adds the content of each certificate from the specified location to a concatenated certificate container file.
        ForEach ($Certificate in $Certificates) {
            # -ErrorAction Stop turns read/write failures into terminating errors so the Catch block runs.
            Get-Content $Certificate -ErrorAction Stop | Add-Content $Output -ErrorAction Stop
        }
    } # Try
    Catch {
        Write-Host ("The creation of the concatenated certificate container file failed with the following exception message: " + $Error[0].Exception.Message) -ForegroundColor Red
    } # Catch
} # Process

Once the content of each certificate file has been retrieved and added to the container file, the result is a file in the location specified or, by default, in the user's profile folder in PEM format.

Below is an example of invoking the function and the output generated with the verbose message stream enabled.

ConvertTo-CertificateContainer -Certificates "C:\Certificates\SSL.crt", "C:\Certificates\IntermediateCA.crt", "C:\Certificates\RootCA.crt" -Output C:\Certificates\chain.pem -Verbose


The advanced function is available from here.
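
To check that a container file built this way has its certificates in certification-path order, the following added example (not part of the original function; Test-CertificateContainer and its output property names are hypothetical) parses the PEM blocks and compares each certificate's issuer name with the subject name of the certificate after it. It assumes Windows PowerShell 5.0 or later and reuses the chain.pem path from the invocation above.

```powershell
# Added example: Test-CertificateContainer is a hypothetical helper, not part of the original function.
function Test-CertificateContainer {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true)][ValidateScript({Test-Path $_ -PathType Leaf})][String] $Path
    )
    [String] $Text = Get-Content -Path $Path -Raw
    # Every PEM block opens with a BEGIN tag; capture the labels in file order.
    $Labels = @([Regex]::Matches($Text, '-----BEGIN ([A-Z0-9 ]+)-----') | ForEach-Object { $_.Groups[1].Value })
    $KeyIndex = -1
    For ($i = 0; $i -lt $Labels.Count; $i++) {
        If ($Labels[$i] -like '*PRIVATE KEY') { $KeyIndex = $i; Break }
    }
    # Decode each CERTIFICATE block (base64 body between the tags) into an X509Certificate2 object.
    $Certs = @()
    $Pattern = '-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'
    ForEach ($Block in [Regex]::Matches($Text, $Pattern)) {
        $Bytes = [Convert]::FromBase64String(($Block.Groups[1].Value -replace '\s', ''))
        $Certs += [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$Bytes)
    }
    # Each certificate's issuer name must equal the subject name of the certificate that follows it.
    # This compares names only; it does not verify signatures or validity dates.
    $Links = @()
    For ($i = 0; $i -lt ($Certs.Count - 1); $i++) {
        $Issuer      = [Convert]::ToBase64String($Certs[$i].IssuerName.RawData)
        $NextSubject = [Convert]::ToBase64String($Certs[$i + 1].SubjectName.RawData)
        $Links += [PSCustomObject]@{
            Position    = $i
            Subject     = $Certs[$i].Subject
            Issuer      = $Certs[$i].Issuer
            NextSubject = $Certs[$i + 1].Subject
            InOrder     = ($Issuer -eq $NextSubject)
        }
    }
    $OutOfOrder = @($Links | Where-Object { -not $_.InOrder })
    [PSCustomObject]@{
        Path             = $Path
        CertificateCount = $Certs.Count
        HasPrivateKey    = ($KeyIndex -ge 0)
        PrivateKeyFirst  = ($KeyIndex -eq 0)   # the post puts the private key first when one is included
        OrderValid       = (($Certs.Count -gt 0) -and ($OutOfOrder.Count -eq 0))
        Links            = $Links
    }
}

# Path taken from the example invocation above.
Test-CertificateContainer -Path C:\Certificates\chain.pem | Format-List
```

When HasPrivateKey is True the container holds key material as well as certificates, so the file needs the same access restrictions as the key itself.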










