Export root certificate using powershell
I am installing a client-side certificate on a Windows 2012 server through PowerShell. Installing a client-side certificate requires two steps:
Step 1 is fairly easy. However, step 2 is tricky. First, I do not know the length of the chain of the certificate. When doing it by hand, you need to go to export each certificate in the chain until you reach the root (you can only export the first element of the chain). Then, you install the root certificate in the Trusted Store.
So, my question is: how do you get the root certificate of a certificate? My idea would be to get the certificate chain and somehow process it until you get the root certificate. Any ideas on how this can be done?
GodEater's advice helped me, by looking at this page https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates(v=vs.110).aspx I figured out how to do it:-
If you import your pkcs12 certificate into System.Security.Cryptography.X509Certificates.X509Certificate2Collection
When you take a look at the object both certificates are there, so simply looping through the object and adding each certificate to the correct store works:-
$fileName = "cert.p12";
$password = "Password"
$certRootStore = "localmachine";
$certStore = "Root";   # Trusted Root Certification Authorities
$certStore2 = "My";    # Personal store
$X509Flags = "PersistKeySet,MachineKeySet";
# Load every certificate contained in the PKCS#12 file
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection;
$pfx.Import($fileName, $password, $X509Flags);
foreach ($cert in $pfx) {
    if ($cert.Subject -match "CN=Your Cert Auth Name") {
        # The CA certificate goes into the Root store
        $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $certStore,$certRootStore;
        $store.Open("MaxAllowed");
        $store.Add($cert);
        # Close is a method; without the parentheses it is never called
        $store.Close() | Out-Null
    }
    else {
        # Everything else goes into the My store
        $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $certStore2,$certRootStore;
        $store.Open("MaxAllowed");
        $store.Add($cert);
        $store.Close() | Out-Null
    }
}
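
The chain-walking idea from the question, as an added example that is not part of the original answer: it builds an X509Chain from the certificates in the PFX, takes the top element only if it is self-signed, and installs it only when its thumbprint matches one obtained from the CA. The function name Get-PfxRootCertificate is hypothetical, and the file name, password and expected thumbprint are placeholders.

```powershell
# Added example (not the answer's code). Path, password and thumbprint are placeholders.
function Get-PfxRootCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Password
    )
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    # .NET resolves relative paths against the process directory, so pass a full path.
    $pfx.Import((Resolve-Path $Path).Path, $Password, 'DefaultKeySet')

    # The client (leaf) certificate is the one that carries the private key.
    $leaf = $pfx | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) { throw "No certificate with a private key in $Path" }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Let the chain engine use the certificates bundled in the PFX as candidates.
    [void]$chain.ChainPolicy.ExtraStore.AddRange($pfx)
    # The root is not trusted yet and the server may be offline.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.Build($leaf)

    # Elements are ordered leaf first; the last one is the top of the chain.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    # A root is self-signed: subject and issuer names are byte-for-byte equal.
    $subject = [Convert]::ToBase64String($top.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($top.IssuerName.RawData)
    if ($subject -cne $issuer) { throw "Chain is incomplete: top is $($top.Subject)" }
    return $top
}

$expectedThumbprint = '<ROOT-THUMBPRINT-OBTAINED-FROM-THE-CA>'   # placeholder
$root = Get-PfxRootCertificate -Path 'cert.p12' -Password 'Password'
# Anything placed in the Root store is trusted machine-wide, so check it first.
if ($root.Thumbprint -ne $expectedThumbprint) {
    throw "Unexpected root $($root.Thumbprint); not installing"
}
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try { $store.Add($root) } finally { $store.Close() }
```

Unlike matching on a subject name, this does not depend on knowing the CA's CN or the chain length, and it refuses to install when the PFX does not contain the full chain.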