Convert-PfxToPem returns "Invalid provider type specified" when converting PFX to PEM.

[richardhicks]

When using Convert-PfxToPem in PSPKI v3.7.2 I am receiving an error stating "Invalid provider type specified". Below is the exact command syntax and output.

$Pwd = ConvertTo-SecureString -String 'foobar' -AsPlainText -Force
Convert-PfxToPem -InputFile C:\foo.pfx -Password $pwd -OutputFile C:\foo.pem -OutputType Pkcs1 -Verbose

Invalid provider type specified
At C:\Program Files\WindowsPowerShell\Modules\pspki\3.7.2\Client\Convert-PfxToPem.ps1:141 char:3

•     throw New-Object ComponentModel.Win32Exception ([Runtime.Inte ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OperationStopped: (:) [], Win32Exception
  • FullyQualifiedErrorId : Invalid provider type specified

[Crypt32]

This is a known issue when private key is stored in KSP. There is an issue with the way how .NET imports the PFX and making it exportable — it is exportable, but only in encrypted form (PFX) and doesn't allow key export in raw PKCS1/PKCS8 format.

[richardhicks]

Got it. Thanks for the information, Vadims.

[Crypt32]

Reopening this. There is a chance to get this working for certificates installed in store, rather than PFX.

[richardhicks]

Ok, thanks!