Convert-CertBase64DataToFile.ps1

function Convert-CertBase64DataToFile {
    <#
    .SYNOPSIS
    Converts the Base64 string representation of a certificate to a Certificate object and optionally
    saves the certificate to disk
 
    .PARAMETER CertBase64Data
    Base64 String certificate representation
 
    .PARAMETER OutputFile
    Full path to the certificate to save to disk
 
    .PARAMETER Password
    Password to protect the private key certificate (.pfx)
 
    .EXAMPLE
    Convert-CertBase64DataToFile -CertBase64Data (Get-AzKeyVaultSecret myCertificateSecret).SecretValueText -OutputFile C:\LocalTemp\myCertificateSecret.pfx -Password (Read-Host -AsSecureString p)
    p: *************
    #>


    param(
        [parameter(Mandatory, Position = 1, ValueFromPipeline)]
        ## Base64String representation of the certificate object
        [Alias('Data')]
        [string]$CertBase64Data,

        [parameter(Position = 2)]
        ## Full file path where to save the converted certificate
        [string]$OutputFile,

        [parameter(Position = 3)]
        ## password to use to save a Private Key file
        [securestring]$Password
    )

    process {
        [byte[]]$certData = [System.Convert]::FromBase64String($CertBase64Data)
        $certObject = [System.Security.Cryptography.X509Certificates.X509Certificate2] $certData

        if (! [string]::IsNullOrWhiteSpace($OutputFile)) {
            if (! [string]::IsNullOrWhiteSpace($Password)) {
                if (! $certObject.HasPrivateKey) {
                    Write-Warning "Saving a .cer file in .pfx format with password may result in a corrupted file"
                }
                $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
                $certCollection.Import($certData, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
                [System.IO.File]::WriteAllBytes($OutputFile, $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $Password))
            }
            else {
                [System.IO.File]::WriteAllBytes($OutputFile, $certObject.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
            }
        }
        else {
            $certObject
        }
    }
}