
Export root certificate using PowerShell

I am installing a client-side certificate on a Windows 2012 server through PowerShell. Installing a client-side certificate requires two steps:

  1. Installing the certificate on the Personal Store ("my").
  2. Installing the root certificate of that certificate in the Trusted Root Certification Authority Store.

Step 1 is fairly easy. However, step 2 is tricky. First, I do not know the length of the chain of the certificate. When doing it by hand, you need to export each certificate in the chain until you reach the root (you can only export the first element of the chain). Then, you install the root certificate in the Trusted Store.

So, my question is: how do you get the root certificate of a certificate? My idea would be to get the certificate chain and somehow process it until you get the root certificate. Any ideas on how this can be done?

GodEater's advice helped me; by looking at this page https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates(v=vs.110).aspx I figured out how to do it:

If you import your pkcs12 certificate into System.Security.Cryptography.X509Certificates.X509Certificate2Collection

When you take a look at the object, both certificates are there, so simply looping through the object and adding each certificate to the correct store works:

# PKCS#12 file and its password
$fileName = "cert.p12";
$password = "Password"
$certRootStore = "localmachine";   # store location
$certStore = "Root";               # Trusted Root Certification Authorities
$certStore2 = "My";                # Personal
$X509Flags = "PersistKeySet,MachineKeySet";
# Load every certificate contained in the PKCS#12 file
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection;
$pfx.Import($fileName, $password, $X509Flags);
foreach ($cert in $pfx) {
    if ($cert.Subject -match "CN=Your Cert Auth Name") {
        # The CA certificate goes into the Root store
        $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $certStore,$certRootStore;
        $store.Open("MaxAllowed");
        $store.Add($cert);
        $store.Close()
    }
    else {
        # Everything else goes into the Personal store
        $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $certStore2,$certRootStore;
        $store.Open("MaxAllowed");
        $store.Add($cert);
        $store.Close()
    }
}
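The following is an added example, not part of the original answer: it handles a chain of unknown length by building the chain with X509Chain and taking its last element, instead of matching a subject name, and it refuses to trust anything that is not self-issued. The function names `Get-PfxChain` and `Add-ToMachineStore` are hypothetical; the file name and password are the sample values from the answer.

```powershell
$X509 = 'System.Security.Cryptography.X509Certificates'

function Get-PfxChain {
    param([string]$Path, [string]$Password)
    $pfx = New-Object "$X509.X509Certificate2Collection"
    # .NET resolves relative paths against the process directory, so pass a full path.
    $pfx.Import((Resolve-Path $Path).Path, $Password, 'PersistKeySet,MachineKeySet')

    # The client certificate is the entry that carries the private key.
    $leaf = $pfx | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) { throw "No certificate with a private key in $Path" }

    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    # The root is not in the trusted store yet, so tolerate an unknown CA here.
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    # Let the chain engine use the CA certificates shipped inside the PFX.
    $chain.ChainPolicy.ExtraStore.AddRange($pfx)
    if (-not $chain.Build($leaf)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        throw "Chain build failed: $status"
    }

    $certs = @($chain.ChainElements | ForEach-Object { $_.Certificate })
    $root = $certs[-1]
    # A root is self-issued; anything else means the chain is incomplete.
    if ($root.Subject -ne $root.Issuer) { throw "Top of chain '$($root.Subject)' is not a root" }

    [pscustomobject]@{
        Leaf          = $leaf
        Intermediates = @($certs | Select-Object -Skip 1 |
                          Where-Object { $_.Thumbprint -ne $root.Thumbprint })
        Root          = $root
    }
}

function Add-ToMachineStore {
    param($Certificate, [string]$StoreName)
    $store = New-Object "$X509.X509Store" -ArgumentList $StoreName, 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($Certificate) } finally { $store.Close() }
}

$c = Get-PfxChain -Path 'cert.p12' -Password 'Password'
# Compare this thumbprint with the value the CA publishes before trusting the root.
Write-Host "Root: $($c.Root.Subject)  Thumbprint: $($c.Root.Thumbprint)"
Add-ToMachineStore $c.Root 'Root'                                   # Trusted Root CAs
foreach ($ca in $c.Intermediates) { Add-ToMachineStore $ca 'CA' }   # Intermediate CAs
Add-ToMachineStore $c.Leaf 'My'                                     # Personal
```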
