PowerShell trick #2 – creating CertificateStore XML

A few weeks ago I wrote about constructing CertificateStore XML by hand. You have to open up the certificate in the browser, and export it as base64 XML, and it's a pain.

Here's a PowerShell script that makes it much easier. Just pass it the name of a certificate file on the command line and it will output XML to add the certificate to the ROOT store. Then you can turn the XML into a CAB file, or add it to install XML, or process it in your application.



# CertificateStore template for adding a ROOT cert
# {0} = certificate thumbprint, {1} = base64-encoded certificate
$certAddString = @"
    <characteristic type="CertificateStore">
        <characteristic type="ROOT">
            <characteristic type="{0}">
                <parm name="EncodedCertificate" value="{1}" />
            </characteristic>
        </characteristic>
    </characteristic>
"@

# Load in a .CER file from the command line
$cert = Get-PfxCertificate $args[0]

# get the thumbprint
$certHash = $cert.GetCertHashString()

# Convert the encoded blob to base64 text
$encodedCertificate = [Convert]::ToBase64String($cert.GetRawCertData())

# print those into our WAP xml template
$outXml = $certAddString -f ($certHash, $encodedCertificate)

# finished - write the XML to the outbound pipeline
Write-Output $outXml
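
Because this XML adds a trusted root, it is worth checking before it goes into a CAB or install file. The following is an added example, not part of the original post: it decodes each EncodedCertificate value and confirms that it parses as a certificate and that its thumbprint matches the characteristic name. Test-CertificateStoreXml and the throwaway test certificate are hypothetical names, and the self-signed test data assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example (not from the original post). Test-CertificateStoreXml is a hypothetical helper.
function Test-CertificateStoreXml {
    param([Parameter(Mandatory)][string]$Xml)

    $doc  = [xml]$Xml
    $path = '//characteristic[@type="CertificateStore"]/characteristic[@type="ROOT"]/characteristic'
    $now  = Get-Date
    foreach ($entry in $doc.SelectNodes($path)) {
        $declared = $entry.GetAttribute('type')
        $parm     = $entry.SelectSingleNode('parm[@name="EncodedCertificate"]')
        if ($null -eq $parm) {
            Write-Warning "Entry $declared has no EncodedCertificate parm"
            continue
        }
        # Decode the blob and let .NET parse it; malformed data throws here.
        $bytes = [Convert]::FromBase64String($parm.GetAttribute('value'))
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$bytes)
        [pscustomobject]@{
            DeclaredThumbprint = $declared
            ActualThumbprint   = $cert.Thumbprint
            ThumbprintMatches  = ($declared -eq $cert.Thumbprint)   # -eq ignores case
            Subject            = $cert.Subject
            SelfIssued         = ($cert.Subject -eq $cert.Issuer)   # name comparison only
            WithinValidity     = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        }
    }
}

# Constructed sample input: a throwaway self-signed certificate created in memory.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Test Root', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$testCert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# Same element layout as the template in the script above, on one line.
$template = '<characteristic type="CertificateStore"><characteristic type="ROOT">' +
            '<characteristic type="{0}"><parm name="EncodedCertificate" value="{1}" />' +
            '</characteristic></characteristic></characteristic>'
$b64 = [Convert]::ToBase64String($testCert.GetRawCertData())

# One consistent document, and one whose declared thumbprint is deliberately wrong.
$goodXml = $template -f ($testCert.GetCertHashString(), $b64)
$badXml  = $template -f (('0' * 40), $b64)

Test-CertificateStoreXml $goodXml
Test-CertificateStoreXml $badXml
```

To check real output, pass the XML produced by the script above as the -Xml argument and review Subject and SelfIssued before trusting the file.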

Comments (3)

  1. Monkey says:

    Would it be possible for you to explain a little further? Not every monkey can fully understand this new method…

  2. scyost says:

    I added some clarification on why you would want to do this above. If it’s still not making any sense, let me know.

  3. Richard says:


    Having some problems using our cert. from Exchange server and getting it to unlock on the motoq. The certificate does not have the same screens as on the blog page.

    Help, please! Thanks!
