[英]How can I verify and run a signed PowerShell script only trusting the Issuing Certificate (root) and not the Signing Certificate (leaf) itself?
[英]How can I export the root and intermediate signing certificates from a certificate file via PowerShell?
使用 PowerShell; 我需要获取一个证书文件 (.cer/.crt),并将中间和根签名证书文件导出到同一目录。 我能做的最多的是获得证书颁发者名称(中间 CA)。 如何利用 PowerShell 确定中间和根签名 CA 并保存这些证书?
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 D:\Netscaler_Certificates\example.2021.cer
$cert.IssuerName
给我:
Name Oid RawData
---- --- -------
CN=Subordinate CA, DC=domain, DC=com System.Security.Cryptography.Oid {48, 99, 49...}
您需要构建证书链,然后导出链元素:
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 D:\Netscaler_Certificates\example.2021.cer
$chain = new-object security.cryptography.x509certificates.x509chain
[void]$chain.Build($cert)
$chain.ChainElements | %{
sc -path .\$($_.Certificate.GetNameInfo("dnsName",$false)).cer -value $_.Certificate.RawData -encoding byte
}
....并“托管”您刚刚从先前答案导出的证书,下一行可能是:
(($chain.ChainElements.Certificate.Subject | Select-Object -Skip 1) -Replace ", .*").trimstart("CN=")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.