在 powershell 中使用 Import-PfxCertificate 命令安装证书 pfx 文件时找不到私钥

Question

I was automating installing a certificate with a task scheduler.The certificate contains private key in a pfx file. When i install the pfx file with double click it works fine with my dot net project. But while i install it with powershell command :

$password =  ConvertTo-SecureString "apass" -AsPlainText -Force

Import-PfxCertificate –FilePath C:\cert\certMob2019.pfx cert:\localMachine\Root -Password $password

the certificate install successfully in correct store. But my dot net project generate this error:

System.Security.Cryptography.CryptographicException: 'Object contains only the public half of a key pair. A private key must also be provided.'

Answer 1

While installing with Import-PfxCertificate it dont import the private key in containers.The alternateway is installing with C# script:

X509Certificate2 cert = new X509Certificate2(pfxfilewithlocation.pfx, Password, X509KeyStorageFlags.PersistKeySet);

            using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
            {
                store.Open(OpenFlags.ReadWrite);
                try
                {
                    store.Add(cert);
                    int indexInStore = store.Certificates.IndexOf(cert);
                    cert = store.Certificates[indexInStore];
                }
                catch (Exception e)
                {
                    Console.WriteLine(e);
                }
            }

X509KeyStorageFlags.PersistKeySet make the private key persist and access to all applications

Answer 2

您必须在个人存储中安装 PFX，而不是在根存储中： cert:\\localMachine\\my