| Author | Chrissy LeMaire (@cl), netnerds.net |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Backup-DbaComputerCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Backup-DbaComputerCertificate.
Exports computer certificates to disk for SQL Server network encryption backup and disaster recovery.
Exports computer certificates from the local or remote certificate store to files on disk. This is essential for backing up certificates used for SQL Server network encryption before server migrations, certificate renewals, or disaster recovery scenarios. The function works with certificate objects from Get-DbaComputerCertificate and supports multiple export formats including standard .cer files and password-protected .pfx files for complete private key backup.
Backup-DbaComputerCertificate
[[-SecurePassword] <SecureString>]
[-InputObject] <Object[]>
[[-Path] <String>]
[[-FilePath] <String>]
[[-Type] <String>]
[-EnableException]
[<CommonParameters>]
PS C:\> Get-DbaComputerCertificate | Backup-DbaComputerCertificate -Path C:\temp
Backs up all certs to C:\temp. Auto-names the files.
PS C:\> Get-DbaComputerCertificate -Thumbprint 29C469578D6C6211076A09CEE5C5797EEA0C2713 | Backup-DbaComputerCertificate -FilePath C:\temp\29C469578D6C6211076A09CEE5C5797EEA0C2713.cer
Backs up certificate with the thumbprint 29C469578D6C6211076A09CEE5C5797EEA0C2713 to the temp directory.
The certificate objects to export, typically from Get-DbaComputerCertificate pipeline output.
Use this to specify which certificates to backup for SQL Server network encryption recovery scenarios.
| Alias | |
| Required | True |
| Pipeline | true (ByValue) |
| Default Value |
Provides password protection for certificate exports, required when exporting private keys with Pfx format.
Essential for securing certificate backups that contain private keys used for SQL Server TLS encryption.
| Alias | Password |
| Required | False |
| Pipeline | false |
| Default Value |
Specifies the target directory where certificate files will be saved with auto-generated filenames.
Files are named using the pattern: ComputerName-Thumbprint.cer for easy identification during recovery.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | $pwd |
Specifies the exact file path and name for the exported certificate.
Use this when you need to control the output filename or when backing up a single certificate to a specific location.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Determines the certificate export format for different backup and deployment scenarios.
Use 'Cert' for public key only backups, 'Pfx' for complete certificate with private key backup, or other formats based on your security requirements.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | Cert |
| Accepted Values | Authenticode,Cert,Pfx,Pkcs12,Pkcs7,SerializedCert |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |