windows – Does anyone know how PowerShell certificate provider paths map to certm
While investigating the Certificate Provider with PowerShell, I noticed that all the paths look similar to, but not the same as, the folder structure in certmgr. It seems pretty clear that:

Certs:\LocalMachine ~= Certificates (Local Computer)
Certs:\CurrentUser ~= Certificates - Current User

I am also guessing that:

Root ~= Trusted Root Certification Authority
My ~= Personal
WebHosting ~= WebHosting
...

But I have been unable to find any official reference (or even a sensible explanation) to give me the warm fuzzy I am looking for...

My goal is to test an https WCF service locally (both server side and client side). I can easily generate the self-signed certificate the server needs using New-SelfSignedCertificate. However, if I try to point the client (also .NET) at the service, it fails to connect because the service presents an untrusted certificate.

I have found various outdated references (like this one) that show how to use a combination of makecert (now deprecated) and certmgr to generate a certificate authority, then use it to sign a certificate for my https service, and then install the certificate authority certificate into the Trusted Root Certification Authority container to get everything working. While this approach would probably work, it is certainly not developer/automation friendly.

That said, I was able to do this using PowerShell:

```powershell
$my_cert_store_location = "Cert:\LocalMachine\My"
$root_cert_store_location = "Cert:\LocalMachine\Root"
$root_friendly_name = "Test Root Authority"
$root_cert_subject = "CN=$($root_friendly_name)"

# The ip and port you want to reserve for your app
$ipport = "127.0.0.11:8734"
# Your app guid (found in ApplicationInfo.cs)
$appid = "{f77c65bd-d592-4a7b-ae32-cab24130fdf6}"
# Your dns name
$dns_name = "my-machine-local"
$rebuild_root_cert = $false

# Look for an existing test root (with its private key) in the Personal store
$root_cert = Get-ChildItem $my_cert_store_location |
    Where-Object {$_.SubjectName.Name.Equals($root_cert_subject)}

if ($root_cert -and $rebuild_root_cert)
{
    # Remove the trusted copy from Root, then the key-bearing original from My
    Get-ChildItem $root_cert_store_location |
        Where-Object {$_.SubjectName.Name.Equals($root_cert_subject)} |
        Remove-Item
    # Pipe the object so Remove-Item resolves it through its provider path
    $root_cert | Remove-Item
    $root_cert = $false
}

if (-not $root_cert)
{
    # Create the test root in My, where the private key stays available for signing
    $root_cert = New-SelfSignedCertificate `
        -Type Custom `
        -FriendlyName $root_friendly_name `
        -HashAlgorithm sha384 `
        -KeyAlgorithm RSA `
        -KeyLength 4096 `
        -Subject $root_cert_subject `
        -KeyUsage DigitalSignature,CertSign `
        -NotAfter (Get-Date).AddYears(20) `
        -CertStoreLocation $my_cert_store_location
    Write-Output "Created root cert: $($root_cert.Thumbprint)"

    # Export only the certificate (no private key) and import it into Root to trust it
    $exported_cert = New-TemporaryFile
    Export-Certificate -Cert $root_cert -FilePath $exported_cert.FullName
    $imported_root_cert = Import-Certificate -FilePath $exported_cert.FullName `
        -CertStoreLocation $root_cert_store_location
    Write-Output "Imported root cert to: $($root_cert_store_location)\$($imported_root_cert.Thumbprint)"
}
Write-Output "Root cert is: $($root_cert.Thumbprint)"

# Reuse or create the server certificate signed by the test root
$test_signed_cert_subject = "CN=$($dns_name)"
$test_signed_cert = Get-ChildItem $my_cert_store_location |
    Where-Object {$_.SubjectName.Name.Equals($test_signed_cert_subject)}

if (-not $test_signed_cert)
{
    $test_signed_cert = New-SelfSignedCertificate `
        -Type Custom `
        -Subject $test_signed_cert_subject `
        -FriendlyName $dns_name `
        -Signer $root_cert `
        -CertStoreLocation $my_cert_store_location
    Write-Output "Created signed cert: $($test_signed_cert.Thumbprint)"
}
Write-Output "Signed cert is: $($test_signed_cert.Thumbprint)"

if ($test_signed_cert)
{
    # Replace any existing HTTP.SYS binding for this ip:port with the signed cert
    netsh http delete sslcert `
        ipport="$($ipport)"
    netsh http add sslcert `
        ipport="$($ipport)" `
        appid="$($appid)" `
        certstorename="My" `
        certhash="$($test_signed_cert.Thumbprint)"
    Write-Output "Assigned signed cert to: $($ipport)"
}
```

But the question remains... Is there any information on how the Certificate Provider paths map to certmgr folders?

Solution
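Here is the mapping between the containers (in parentheses) and their descriptions:
> Personal (My) – This container is used to store certificates with private keys. When a certificate's private key is used, applications look in this container to find the corresponding certificate and its associated private key.
(Editor: 李大同)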
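The mapping asked about above can also be read from the machine itself. The following is an added example, not part of the original question or answer: it lists the stores under a Cert: location and asks the CryptoAPI function CryptFindLocalizedName for the localized display name of each store name (for example for Root). The type name CertStoreNames and the function name Get-CertStoreDisplayName are chosen for this example.

```powershell
# Added example: map Cert: provider store names to their localized display names.
# CertStoreNames and Get-CertStoreDisplayName are names chosen for this example.
Add-Type -Namespace Example -Name CertStoreNames -MemberDefinition @'
[DllImport("crypt32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr CryptFindLocalizedName(string pwszCryptName);
'@

function Get-CertStoreDisplayName {
    param(
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string]$Location = 'LocalMachine'
    )
    Get-ChildItem -Path "Cert:\$Location" | ForEach-Object {
        $storePath = "Cert:\$Location\$($_.Name)"
        # The returned pointer refers to a string owned by crypt32; it is not freed here.
        $ptr = [Example.CertStoreNames]::CryptFindLocalizedName($_.Name)
        $display = if ($ptr -ne [IntPtr]::Zero) {
            [Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
        } else {
            # Custom or third-party stores may have no localized name registered.
            '(no localized name registered)'
        }
        [pscustomobject]@{
            ProviderPath = $storePath
            StoreName    = $_.Name
            DisplayName  = $display
            # Some stores may not be readable by the current user; count what is visible.
            Certificates = @(Get-ChildItem -Path $storePath -ErrorAction SilentlyContinue).Count
        }
    }
}

Get-CertStoreDisplayName -Location LocalMachine | Format-Table -AutoSize
Get-CertStoreDisplayName -Location CurrentUser  | Format-Table -AutoSize
```

Run against LocalMachine after the script in the question, the Root row's certificate count includes the imported test root, which makes this a quick way to confirm where a certificate was installed.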
