[英]How to import pfx certificate and set private key permissions for all users
I have self-signed pfx certificate, and machine with 2 users (A and B). 我有自签名的pfx证书,并且具有2个用户(A和B)的计算机。 I need to install the certificate using some command line tool and it should be available for all users.
我需要使用某些命令行工具安装证书,并且该证书应对所有用户可用。
In case user A installs the certificate manually in LocalMachine\\My or LocalMachine\\Root it is available only for user A because user B doesn't have private key permissions. 如果用户A在LocalMachine \\ My或LocalMachine \\ Root中手动安装证书,则该证书仅对用户A可用,因为用户B没有私钥权限。
I tried 我试过了
winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\Root
but it doesn't help, certificate is available only for user that runs winhttpcertcfg. 但这无济于事,证书仅适用于运行winhttpcertcfg的用户。
I tried 我试过了
winhttpcertcfg.exe -i cert.pfx -p pass -a Everyone -c LOCAL_MACHINE\My
but it installs the certificate in Root instead of My regardless -c parameter. 但无论-c参数如何,它都将证书安装在Root中而不是My中。
I tried 我试过了
certutil -f -p pass -importpfx "cert.pfx"
but it doesn't help, certificate is available only for user that runs certutil. 但这无济于事,证书仅适用于运行certutil的用户。
In case My store the issue can be fixed manually: 如果我的商店的问题可以手动解决:
But I need some automatic way that I will use while installing my applications. 但是我需要在安装应用程序时使用的一些自动方式。
To import certificate you can use this powershell command 要导入证书,可以使用此powershell命令
Import-PfxCertificate -FilePath $certFilename cert:$certStoreLocation -Password $mypwd
and use this for managing permissions 并使用它来管理权限
How to Grant permission to user on Certificate private key using powershell? 如何使用Powershell向用户授予证书私钥上的权限?
Import-PfxCertificate has been giving me issues when trying to grant permissions to the private key. 尝试向私钥授予权限时,Import-PfxCertificate出现问题。 The returned certificate and the certificate object grabbed using the
返回的证书和证书对象使用
cert:\LocalMachine\My
both have null on the private key property. 两者的私钥属性都为null。
I have to use a x509 certificate store and x509certifcate2 object to import the certificate and private key. 我必须使用x509证书存储区和x509certifcate2对象导入证书和私钥。 Then I'm able to change the private key permissions in powershell
然后我就可以在Powershell中更改私钥权限
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.