[英]Redistribute x509 certificates to different stores
I have a p7b file, which contains 4 certificates. 我有一个p7b文件,其中包含4个证书。 But I need them in several stores. 但是我在几家商店都需要它们。 So I first import the certificates in Cert:\\LocalMachine\\My
store and then I need to move some of them elsewhere. 因此,我首先将证书导入Cert:\\LocalMachine\\My
商店,然后将其中一些Cert:\\LocalMachine\\My
移到其他地方。 So far I have this code: 到目前为止,我有以下代码:
Import-Certificate -FilePath "C:\SCOM\cert\cert_{dns name}.p7b" -CertStoreLocation Cert:\LocalMachine\My
$certIntermediate = Get-Item -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Contains "ABB Intermediate CA"}
$certRootCA = Get-Item -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Contains "ABB Root CA"}
$certIssuing = Get-Item -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Contains "ABB Issuing CA"}
$store = Get-Item -Path Cert:\LocalMachine\My
$store.Open("ReadWrite")
$store.Remove($certIntermediate)
$store.Remove($certRootCA)
$store.Remove($certIssuing)
$store.Close()
$storeIntermediate = Get-Item -Path Cert:\LocalMachine\CA
$storeIntermediate.Open("ReadWrite")
$storeIntermediate.add($certIntermediate)
$storeIntermediate.close()
$storeAuthRoot = Get-Item -Path Cert:\LocalMachine\AuthRoot
$storeAuthRoot.Open("ReadWrite")
$storeAuthRoot.add($certRootCA)
$storeAuthRoot.add($certIssuing)
$storeAuthRoot.close()
Ignore the {dns name} part in first row, that's just a general replacement. 忽略第一行中的{dns name}部分,这只是一般替换。 Problem is in rows 2-4. 问题出在2-4行中。 If I put the certificate path directly (like Cert:\\LocalMachine\\My\\8B4027E6B32E4E45C1DDB6A211
) the rest of the script works. 如果我直接放置证书路径(例如Cert:\\LocalMachine\\My\\8B4027E6B32E4E45C1DDB6A211
),则脚本的其余部分将正常工作。
Obviously I don't know the thumbprints before importing the certificates, so I can't use that. 显然,导入证书之前我不知道指纹,所以我不能使用它。 And the Where-Object
doesn't seem to work. 而且Where-Object
似乎不起作用。 I tried Get-ChildItem
instead of Get-Item
, I tried Where
instead of Where-Object
, I tried -ccontains
(accidentally) and -like
instead of -contains
, but the certificates are not "loaded" to the variables. 我试图Get-ChildItem
,而不是Get-Item
,我想Where
,而不是Where-Object
,我想-ccontains
(意外)和-like
,而不是-contains
,但证书不是“装”的变量。 When I try to delete them later in the code, I get the error value can not be null . 当我稍后尝试在代码中删除它们时,我得到的错误值不能为null 。 How can I select the correct certificates to move them? 如何选择正确的证书来移动它们?
I have noticed three things which have to be clarified for your script. 我注意到必须为您的脚本澄清三件事。
Get-Item
gives you the store, not the certificate(s): 首先,问题在于cmdlet Get-Item
会为您提供存储,而不是证书: PS> Get-Item -Path Cert:\LocalMachine\My
Name : My
What you wanted to use is Get-ChildItem
: 您要使用的是Get-ChildItem
:
PS> Get-ChildItem -Path Cert:\LocalMachine\My
PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
Thumbprint Subject
---------- -------
34BF9D3F534C2501977557CC9A48C9F5AAAAAAAA CN=localhost
By the way, that explains why it works when you provide the thumbprint. 顺便说一句,这解释了为什么在提供指纹时它可以工作。 This is because you provide cert's path to Get-Item
instead of store path. 这是因为您提供了证书到Get-Item
的路径,而不是商店路径。
PS> $cert = Get-Item -Path Cert:\CurrentUser\My\34BF9D3F534C2501977557CC9A48C9F5AAAAAAAA
PS> $cert
PSParentPath: Microsoft.PowerShell.Security\Certificate::CurrentUser\My
Thumbprint Subject
---------- -------
34BF9D3F534C2501977557CC9A48C9F5AAAAAAAA CN=localhost
-contains
. 另一件事是-contains
的用法。 Please see this answer for more explanation. 请参阅此答案以获取更多说明。 In general, it's not designed for substring comparison. 通常,它不是为子字符串比较而设计的。 Use something else (for example -like
) instead: 使用其他内容(例如-like
)代替: Get-ChildItem -Path Cert:\CurrentUser\My\ | Where-Object {$_.Subject -like "*google*"}
?
and Where
are aliases to Where-Object
, you can check it here: 和Where
是Where-Object
别名,您可以在此处进行检查: PS> get-alias | ? resolvedcommandname -eq "Where-Object"
CommandType Name Version Source
----------- ---- ------- ------
Alias ? -> Where-Object
Alias where -> Where-Object
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.