在Linux上生成用于Windows的x.509密钥对
[英]Generate x.509 key pair on Linux for use with Windows
问题描述
I've built a LAMP solution that generates many powershell files that are automated to run on many Windows Servers. 
我已经构建了一个LAMP解决方案,该解决方案生成了许多可以自动在许多Windows Server上运行的powershell文件。
I need to generate a public/private key pair within Linux, so that I can sign the powershell files and then verify their authenticity in Windows, via powershell's execution policy being set to "AllSigned" 我需要在Linux中生成一个公共/私有密钥对,以便可以通过将powershell的执行策略设置为“ AllSigned”来对Powershell文件进行签名,然后在Windows中验证其真实性。
I've tried PGP but have found that the public key it generates is not accepted by Windows Server's certificate manager. 我尝试了PGP,但发现Windows Server的证书管理器不接受它生成的公共密钥。
I'd like to use private keys that are not backed by a Root Authority, and there are many different powershell scripts that need to be authenticated and run on many Windows servers. 我想使用不受Root Authority支持的私钥,并且需要对许多不同的Powershell脚本进行身份验证并在许多Windows服务器上运行。
My question is - How to generate x.509 keypair that windows certificate manager will accept, that will work with Powershell's "AllSigned" execution policy? 我的问题是-如何生成Windows证书管理器将接受的x.509密钥对,该密钥对将与Powershell的“ AllSigned”执行策略一起使用?
Any help is appreciated. 任何帮助表示赞赏。
2 个解决方案
解决方案1
1 2016-05-14 23:01:44
As @Peter suggested, OpenSSL was the answer! 正如@Peter所建议的那样,OpenSSL就是答案!
Following instructions on this page, I was able to generate my own public/private key pair and import the public key into Windows Server Certificate Manager. 按照本页上的说明,我能够生成自己的公用/专用密钥对,并将公用密钥导入Windows Server证书管理器。
I used this command to generate the keys: 我使用以下命令来生成密钥:
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "PrivateKey.key" -out "PublicKey.crt" -days 99999
解决方案2
0 已采纳 2016-05-14 22:13:16
Have you tried using openssl command? 您是否尝试过使用openssl命令?
See http://www.ipsec-howto.org/x595.html 参见http://www.ipsec-howto.org/x595.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.