在“ExtendedProperties”之类的修饰符中添加的 certutil 语法是啥

Posted 2023-02-24

【中文标题】在“ExtendedProperties”之类的修饰符中添加的 certutil 语法是啥

【英文标题】：What is the certutil syntax to add in a modifier like "ExtendedProperties"在“ExtendedProperties”之类的修饰符中添加的 certutil 语法是什么

【发布时间】：2020-02-27 16:20:29

【问题描述】：

我正在尝试找出将修饰符“ExtendedProperties”放在 certutil -p "abcd" -exportPFX 中的什么位置...。语法是什么样的？

【参考方案1】：

您可以查看 -exportPFX 的 certutil 帮助

C:\WINDOWS\system32>certutil -exportPFX -?
Usage:
  CertUtil [Options] -exportPFX [CertificateStoreName] CertId PFXFile [Modifiers]
  Export certificate and private key
    CertificateStoreName -- Certificate store name.  See -store.
    CertId -- Certificate or CRL match token.  See -store.
    PFXFile -- exported PFX data output file
    Modifiers -- Comma separated list of one or more of the following:
            NoChain -- Do not export the certificate chain
            NoRoot -- Do not export the root certificate
            ExtendedProperties -- Include extended properties
            NoEncryptCert -- Do not encrypt the certificates
            EncryptCert -- Encrypt the certificates
            ExportParameters -- Export Parameters
            CryptoAlgorithm=AlgorithmString -- Cryptographic Algorithm
              AlgorithmString Examples:
                TripleDES-Sha1
                Aes256-Sha256
    Defaults to personal machine store.
    Modifiers:
      NoChain -- End Entity certificate only
      NoRoot -- Exclude root certificate
      CryptoAlgorithm= -- Cryptographic algorithm used to create a PFX file
      ExtendedProperties
      NoEncryptCert
      EncryptCert
      ExportParameters

Options:
  -f                -- Force overwrite
  -Enterprise       -- (-ent) Use local machine Enterprise registry certificate store
  -user             -- Use HKEY_CURRENT_USER keys or certificate store
  -GroupPolicy      -- (-gp) Use Group Policy certificate store
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -split            -- Split embedded ASN.1 elements, and save to files
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -p Password               -- Password
  -ProtectTo SAMNameAndSIDList -- Comma separated SAM Name/SID List
  -t Timeout                -- URL fetch timeout in milliseconds
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

CertUtil -?              -- Display a verb list (command list)
CertUtil -exportPFX -?   -- Display help text for the "exportPFX" verb
CertUtil -v -?           -- Display all help text for all verbs

【讨论】：

我明白，但它从不显示语法的外观？？？ CertUtil [Options] -exportPFX [CertificateStoreName] CertId PFXFile [Modifiers] 对于“[Modifiers]”，您会将它放在哪里以及使用什么语法，即 -ExtendedProperties？

例如，你有这一行： certutil -p $Password -exportPFX "$Computer.$DomainDNSName" "$PFXOutputPath\$Computer.pfx" .......你需要包含修饰符“ExtendedProperties”

certutil -p $Password -exportPFX "$Computer.$DomainDNSName" "$PFXOutputPath\$Computer.pfx" ExtendedProperties