使用 powershell 导出带有私钥的证书,包括路径中的所有证书
Posted
技术标签:
【中文标题】使用 powershell 导出带有私钥的证书,包括路径中的所有证书【英文标题】:Export Certificate with private key including all certificates in path using powershell 【发布时间】:2017-10-03 15:05:58 【问题描述】:我正在使用 power shell 脚本导出带有私钥的证书,其中还包括路径中的所有证书。我为此编写了一个脚本,它不包括路径中的证书或根证书。下面是脚本。如果我的脚本有任何更改,请建议我。 提前致谢。
$Password="@de08nt2128"; #password to access certificate after expting
$CertName="WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName="WMSvc-WIN-9KC7DG31JBV"; # root certificate
$DestCertName="testcert"
$ExportPathRoot="C:\DestinationFolder"
$CertListToExport=Get-ChildItem -Path cert:\LocalMachine\My | ? $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -eq "CN=$RootCertName"
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
$DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
$CertDestPath=Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
$type = [System.Security.Cryptography.X509Certificates.X509Certificate]::pfx
$SecurePassword = ConvertTo-SecureString -String $Password -Force –AsPlainText
$bytes = $CertToExport.export($type, $SecurePassword)
[System.IO.File]::WriteAllBytes($CertDestPath, $bytes)
"Completed"
【问题讨论】:
【参考方案1】:更新脚本以导出与特定名称和颁发者匹配的所有证书(连同私钥)。确保以管理员权限运行:
# Script to export certificate from LocalMachine store along with private key
$Password = "@de08nt2128"; #password to access certificate after exporting
$CertName = "WMSvc-WIN-9KC7DG31JBV"; # name of the certificate to export
$RootCertName = "WMSvc-WIN-9KC7DG31JBV"; # root certificate (the Issuer)
$ExportPathRoot = "C:\DestinationFolder"
$CertListToExport = Get-ChildItem -Path cert:\LocalMachine\My | ? $_.Subject -Like "*CN=$CertName*" -and $_.Issuer -Like "CN=$RootCertName*"
foreach($CertToExport in $CertListToExport | Sort-Object Subject)
# Destination Certificate Name should be CN.
# Since subject contains CN, OU and other information,
# extract only upto the next comma (,)
$DestCertName=$CertToExport.Subject.ToString().Replace("CN=","");
$DestCertName = $DestCertName.Substring(0, $DestCertName.IndexOf(","));
$CertDestPath = Join-Path -Path $ExportPathRoot -ChildPath "$DestCertName.pfx"
$SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
# Export PFX certificate along with private key
Export-PfxCertificate -Cert $CertToExport -FilePath $CertDestPath -Password $SecurePassword -Verbose
从您的脚本更新
要使检查$_.Issuer -eq "CN=$RootCertName"
工作,您还必须包含OU、O、S 信息,以便它正常工作,所以我将其修改为$_.Issuer -Like "CN=$RootCertName*"
,以便它匹配所有以变量开头的发行人姓名$RootCertName
使用$CertToExport.Subject.ToString().Replace("CN=","")
生成pfx 文件名将导致名称格式为some-cert-name, OU=sometext, O=org, C=country.pfx
,因此最好限制下一个逗号(,),所以我添加了$DestCertName.Substring(0, $DestCertName.IndexOf(","))
终于用Export-PfxCertifcate
用私钥导出
【讨论】:
以上是关于使用 powershell 导出带有私钥的证书,包括路径中的所有证书的主要内容,如果未能解决你的问题,请参考以下文章
如何在 C#/Xamarin 中使用带有来自 android 钥匙串的私钥的 X.509 证书?