堆栈内存溢出
  简体   繁体   English

使用PowerShell创建2048位长的自签名证书

[英]Using PowerShell to Create Self-Signed Certificate of 2048 bits length

 原文  2018-01-22 12:48:56       powershell/ ssl/ ssl-certificate

问题描述

I use the function bellow to generate self-signed certificate for using it into IIS. 我使用波纹管函数生成用于将其用于IIS的自签名证书。 My question is how to generate the certificate with the public key of length 2048 bits? 我的问题是如何使用长度为2048位的公钥生成证书? I have changed $key.Length to 2048 but when I generate the certificate, public key is only 1024 bits. 我将$ key.Length更改为2048,但是当我生成证书时,公钥只有1024位。 

function Add-SelfSignedCertificate
{
    [CmdletBinding()]
    param
    (
            [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
            [Alias('cn')]
            [string]$CommonName
    )

    $name = new-object -com "X509Enrollment.CX500DistinguishedName.1"
    $name.Encode("CN=$CommonName", 0)

    $key = new-object -com "X509Enrollment.CX509PrivateKey.1"
    $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    $key.KeySpec = 1
    $key.Length = 2048
    $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
    $key.MachineContext = 1
    $key.Create()

    $serverauthoid = new-object -com "X509Enrollment.CObjectId.1"
    $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
    $ekuoids = new-object -com "X509Enrollment.CObjectIds.1"
    $ekuoids.add($serverauthoid)
    $ekuext = new-object -com "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
    $ekuext.InitializeEncode($ekuoids)

    $cert = new-object -com "X509Enrollment.CX509CertificateRequestCertificate.1"
    $cert.InitializeFromPrivateKey(2, $key, "")
    $cert.Subject = $name
    $cert.Issuer = $cert.Subject
    $cert.NotBefore = get-date
    $cert.NotAfter = $cert.NotBefore.AddYears(5)
    $cert.X509Extensions.Add($ekuext)
    $cert.Encode()

    $enrollment = new-object -com "X509Enrollment.CX509Enrollment.1"
    $enrollment.InitializeFromRequest($cert)
    $enrollment.CertificateFriendlyName = $CommonName
    $certdata = $enrollment.CreateRequest(0)
    $enrollment.InstallResponse(2, $certdata, 0, "")
}

2 个解决方案

解决方案1
 0  2018-01-22 12:57:28

Why don't you generate a 2048 first and then add it like : 为什么不先生成2048,然后像这样添加它: 

New-SelfSignedCertificate -Type Custom -Subject "E=a.b@test.com,CN=user" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.4","2.5.29.17={text}email=a.b@test.com&upn=ab@test.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyLength 2048 -SmimeCapabilities -CertStoreLocation "Cert:\CurrentUser\My"

Then after this you can add it. 然后在此之后可以添加它。

Hope it helps. 希望能帮助到你。

解决方案2
 0  2018-01-23 08:44:44

重新启动计算机后,问题解决了,我运行了脚本,它运行正常。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用PowerShell创建自签名证书 - Using PowerShell to Create Self-Signed Certificate powershell使用ServerCertificateValidationCallback接受自签名证书 - powershell Accepting self-signed certificates using ServerCertificateValidationCallback 无法使用 Powershell 生成自签名证书 - Unable to generate self signed certificate using Powershell 创建自签名证书并将其上传到 Azure 应用服务的最简单方法 - Easiest way to create and upload a self-signed certificate to Azure App Service 从powershell创建自签名的iis ssl证书 - Create self signed iis ssl certificate from powershell 是否可以使用自签名证书连接到 MsolService(powershell)? - Is it possible to connect to MsolService (powershell) using self signed certificate? 在Invoke-WebRequest调用中信任自签名证书 - Trusting self-signed certificate in Invoke-WebRequest call SSL ASP.Net 应用程序不信任自签名证书 - SSL Self-Signed certificate not trusted by ASP.Net app 使用根CA签名者生成自签名证书 - Generate Self-signed certificate with Root CA Signer 生成没有外部库的自签名证书 - Generating self-signed certificate without external libraries
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM