[英]How to trust a certificate in Windows Powershell
I am using Windows 7
, and want to run signed scripts from Powershell
, the security-settings
of Powershell are set to "all-signed"
, and my scripts are signed with a valid certificate
from my company.我正在使用
Windows 7
,并且想要从Powershell
运行签名脚本, Powershell
的security-settings
设置为"all-signed"
,并且我的脚本使用我公司的valid certificate
签名。 I have also added the .pfx-file
to my local certificate store (right-clicked the pfx-file and installed)
.我还将
.pfx-file
添加到我的本地证书存储(right-clicked the pfx-file and installed)
。
However, when I start a signed script, I get a message that says:但是,当我启动一个签名脚本时,我收到一条消息:
"Do you want to run software from this untrusted publisher?
File Z:\Powershell Signed Scripts\signed.ps1 is published by CN=[MyCompanyName] and is not trusted on your system. Only run scripts from
trusted publishers.
[V] Never run [D] Do not run [R] Run once [A] Always run [?] Help
(default is "D"):"
Since I want to automatically call these scripts on my systems, I would like to add my imported certificate to the trusted list on my system, so that I do not get a message anymore when I run a signed script for the first time.因为我想在我的系统上自动调用这些脚本,所以我想将我导入的证书添加到我系统上的受信任列表中,这样我第一次运行签名脚本时就不会再收到消息。 How can I make my certificate a trusted one?
如何使我的证书成为可信证书?
How to trust a certificate in Windows Powershell
如何信任 Windows Powershell 中的证书
Indeed, you can do this without any mmc :)事实上,你可以在没有任何 mmc 的情况下做到这一点 :)
First, check the location of your personal certificate named for example "Power" :首先,检查您的个人证书的位置,例如“Power”:
Get-ChildItem -Recurse cert:\CurrentUser\ |where {$_ -Match "Power"} | Select PSParentPath,Subject,Issuer,HasPrivateKey |ft -AutoSize
(This one should be empty:) (这个应该是空的:)
gci cert:\CurrentUser\TrustedPublisher
Build the command with the path to your certificate:使用证书路径构建命令:
$cert = Get-ChildItem Certificate::CurrentUser\My\ABLALAH
Next work on certificate store ( Here I work on two certificate store : user & computer ) 证书存储的下一步工作(我在这里处理两个证书存储:用户和计算机)
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "TrustedPublisher","LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
Check, you should find your certificate :检查,您应该找到您的证书:
ls cert:\CurrentUser\TrustedPublisher
Sounds like you need to verify that the script is signed properly and that you have the correct certificate installed in the correct certificate store.听起来您需要验证脚本是否已正确签名以及您是否在正确的证书存储中安装了正确的证书。
Use the Get-AuthenticodeSignature
cmdlet to get information about the signed script.使用
Get-AuthenticodeSignature
cmdlet 获取有关已签名脚本的信息。
Also review Scott's guide for signing certificates.另请查看Scott 的证书签名指南。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.