CR - Carriage Return in RawCertificate

Oct 1, 2014 at 9:32 PM
Edited Oct 1, 2014 at 9:37 PM
I am attempting to create a script that exports a cert to a .cer file, but it seems that
Get-IssuedRequest -Property "RawCertificate" is adding a CR after the RawCertificate data.
I need help removing the CR or improving the process.

I am using the snippet below to get the RawCertificate and create a file.
I can build a .cer file that opens correctly, but it is not seen as a valid cert on my load balancing device. OpenSSL commands used to verify the cert fail as well unless I remove the CR.
#get ALL certs created today and download to local folder
write-host "Copying Today's Approved Certs to C:\temp\ssl\upload\" -ForegroundColor Yellow
$approvedcerts = Get-CertificationAuthority -Name ca-i03 | Get-IssuedRequest -Property "RawCertificate" -Filter "NotBefore -ge $(Get-Date)" 

foreach ($approvedcert in $approvedcerts)
{

  #building Filename
  $certexpyear = $approvedcert.NotAfter.Year
  $filename = $approvedcert.CommonName
  # -replace takes a regex, so the dots are escaped to match literally
  $filename = $filename -replace '\.bcbsfl\.com'
  $filename = $filename + '_I_' +$certexpyear + '.cer'
  $filename
    
  New-Item    c:\temp\ssl\upload\$filename  -type file
  Add-Content c:\temp\ssl\upload\$filename "-----BEGIN CERTIFICATE-----"
    
  $approvedcert.RawCertificate | Add-Content c:\temp\ssl\upload\$filename
  
  Add-Content c:\temp\ssl\upload\$filename "-----END CERTIFICATE-----"    

}

Coordinator
Oct 2, 2014 at 5:09 AM
It seems that 3rd party tools aren't very smart with the CR character. You can easily work around this issue by using the following line:
$approvedcert.RawCertificate.TrimEnd() | Add-Content c:\temp\ssl\upload\$filename -Encoding ASCII
In addition, I would recommend saving the file using ASCII encoding, because not all tools support Unicode encoding for base64-encoded files (Add-Content uses Unicode by default).
Marked as answer by cricketw44 on 10/2/2014 at 6:43 AM
Oct 2, 2014 at 1:45 PM
Edited Oct 2, 2014 at 2:48 PM
ASCII encoding and the 'TrimEnd' change did the trick! I didn't need to change the encoding when I saved the file but I will remember that if issues like that ever come up again.

Thank you so much!
Coordinator
Oct 2, 2014 at 2:49 PM
Earlier versions of certutil, for example, can't handle Unicode files.
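
Added example, not part of any post in this thread and not PSPKI code: a sketch of the fix discussed above that goes one step further than TrimEnd() by removing every CR/LF from the base64 text, re-wrapping it at 64 characters with LF only, and writing BOM-free ASCII bytes. The function name ConvertTo-PemCertificate, the output path and the CRLF layout of the input are assumptions; the sample is constructed data, not a real certificate.

```powershell
# Added example. ConvertTo-PemCertificate is a hypothetical helper, not a PSPKI cmdlet.
function ConvertTo-PemCertificate {
    param(
        [Parameter(Mandatory)][string]$Base64,   # e.g. $approvedcert.RawCertificate
        [Parameter(Mandatory)][string]$Path
    )
    # Drop every whitespace character (CR, LF, spaces), not only the trailing ones.
    $clean = $Base64 -replace '\s', ''
    # Throws if what remains is not valid base64, so a damaged value never reaches disk.
    $der = [Convert]::FromBase64String($clean)
    # Re-wrap at 64 characters per line, joined with LF only.
    $body = [Convert]::ToBase64String($der) -replace '(.{64})(?=.)', "`$1`n"
    $pem = "-----BEGIN CERTIFICATE-----`n$body`n-----END CERTIFICATE-----`n"
    # Write the ASCII bytes directly: no BOM, no UTF-16.
    [IO.File]::WriteAllBytes($Path, [Text.Encoding]::ASCII.GetBytes($pem))
}

# Constructed sample: 200 arbitrary bytes standing in for DER data (not a real
# certificate), encoded with CRLF line breaks (assumed layout) plus a trailing CRLF.
$sampleDer = [byte[]](0..199)
$raw = [Convert]::ToBase64String($sampleDer, [System.Base64FormattingOptions]::InsertLineBreaks) + "`r`n"

$out = Join-Path ([IO.Path]::GetTempPath()) 'constructed-sample.cer'
ConvertTo-PemCertificate -Base64 $raw -Path $out

# Checks on the written file: no CR anywhere, nothing before the BEGIN line,
# and the decoded payload is byte-for-byte what went in.
$bytes = [IO.File]::ReadAllBytes($out)
if ($bytes -contains 13) { throw 'CR byte found in output' }
if ($bytes[0] -ne 0x2D) { throw 'BOM or other bytes before the BEGIN line' }
$lines = [IO.File]::ReadAllLines($out) | Where-Object { $_ -notmatch '^-----' }
$roundTrip = [Convert]::FromBase64String((-join $lines))
if ([BitConverter]::ToString($roundTrip) -ne [BitConverter]::ToString($sampleDer)) {
    throw 'payload changed during normalization'
}
"OK: $out has $($lines.Count) base64 lines, no CR, no BOM"
```

With a real certificate, running openssl x509 -in on the written file with -noout -text confirms that it parses.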