主页 / server / 问题 / 107028
In Process
Jesse Weigert
Asked: 2010-01-28 16:39:31 +0800 CST

使用脚本将一堆证书导入正确的证书存储

  • 772

我在 p7b 文件中有一组证书,我想根据证书模板自动将每个证书导入正确的存储区。使用脚本执行此操作的最佳方法是什么?

我尝试使用certutil -addstore root Certificate.p7b,这将正确地将所有根 CA 放入根存储,但如果遇到任何其他类型的证书,它会返回错误。

我愿意使用批处理脚本、vbscript 或 powershell 来完成这项任务。谢谢!

windows ssl certificate

2 个回答

  1. 我使用CertMgr.exe一个简单的 bat 文件来导入证书。

    certmgr.exe -add -c ca.cer -s -r localMachine root  >> log.txt
certmgr.exe -add -c test.cer -s -r localMachine root  >> log.txt
certmgr.exe -add -c edu.cer -s -r localMachine root  >> log.txt

    这是一篇 TechNet 文章,其中记录了您可以使用 certmgr.exe 执行哪些命令/用法

    • 2

  2. 我还没有找到一个脚本来根据它的模板将它导入证书到正确的存储中。我认为您自己制作了该脚本,因为它根本不存在。我发现的是一个 PowerShell 脚本,它从目录导入证书,并且在命令中您必须自己指定正确的存储。我认为它可能对你有用:

    如何使用脚本 函数导入安全证书。

    注意:要获取可用商店名称的列表,请运行以下命令:dir cert: | 选择 - 扩展商店名称

    示例用法: Import-Certificate -CertFile "VeriSign_Expires-2028.08.01.cer" -StoreNames AuthRoot, Root -LocalMachine

    Import-Certificate -CertFile "VeriSign_Expires-2018.05.18.p12" -StoreNames AuthRoot -LocalMachine -CurrentUser -CertPassword Password -Verbose

    dir -Path C:\Certs -Filter *.cer | 导入证书 -CertFile $_ -StoreNames AuthRoot, Root -LocalMachine -Verbose

    脚本本身:

    #requires -Version 2.0

function Import-Certificate
{
    param
    (
        [IO.FileInfo] $CertFile = $(throw "Paramerter -CertFile [System.IO.FileInfo] is required."),
        [string[]] $StoreNames = $(throw "Paramerter -StoreNames [System.String] is required."),
        [switch] $LocalMachine,
        [switch] $CurrentUser,
        [string] $CertPassword,
        [switch] $Verbose
    )

    begin
    {
        [void][System.Reflection.Assembly]::LoadWithPartialName("System.Security")
    }

    process 
    {
        if ($Verbose)
        {
            $VerbosePreference = 'Continue'
        }

        if (-not $LocalMachine -and -not $CurrentUser)
        {
            Write-Warning "One or both of the following parameters are required: '-LocalMachine' '-CurrentUser'. Skipping certificate '$CertFile'."
        }

        try
        {
            if ($_)
            {
                $certfile = $_
            }
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certfile,$CertPassword
        }
        catch
        {
            Write-Error ("Error importing '$certfile': $_ .") -ErrorAction:Continue
        }

        if ($cert -and $LocalMachine)
        {
            $StoreScope = "LocalMachine"
            $StoreNames | ForEach-Object {
                $StoreName = $_
                if (Test-Path "cert:\$StoreScope\$StoreName")
                {
                    try
                    {
                        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
                        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
                        $store.Add($cert)
                        $store.Close()
                        Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
                    }
                    catch
                    {
                        Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
                    }
                }
                else
                {
                    Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
                }
            }
        }

        if ($cert -and $CurrentUser)
        {
            $StoreScope = "CurrentUser"
            $StoreNames | ForEach-Object {
                $StoreName = $_
                if (Test-Path "cert:\$StoreScope\$StoreName")
                {
                    try
                    {
                        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
                        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
                        $store.Add($cert)
                        $store.Close()
                        Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
                    }
                    catch
                    {
                        Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
                    }
                }
                else
                {
                    Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
                }
            }
        }
    }

    end
    { }
}

    来源:进口证书

    • 0

相关问题