我在 p7b 檔案中有一組證書,我想根據證書範本自動將每個證書匯入到正確的儲存中。使用腳本執行此操作的最佳方法是什麼?
我嘗試使用certutil -addstore root Certificate.p7b,這將正確地將所有根 CA 放入根儲存中,但如果遇到任何其他類型的證書,它會傳回錯誤。
我願意使用批次腳本、vbscript 或 powershell 來完成此任務。謝謝!
答案1
我使用CertMgr.exe一個簡單的 bat 檔案來匯入憑證。
certmgr.exe -add -c ca.cer -s -r localMachine root >> log.txt
certmgr.exe -add -c test.cer -s -r localMachine root >> log.txt
certmgr.exe -add -c edu.cer -s -r localMachine root >> log.txt
這是TechNet 文章其中記錄了您可以使用 certmgr.exe 執行哪些命令/用法
答案2
我還沒有找到一個腳本來根據其模板將其導入到正確的存儲中。我認為該腳本是您自己製作的,因為它根本不存在。我發現的是一個 PowerShell 腳本,它會從目錄匯入證書,並且在命令中您必須自己指定正確的儲存。我認為這可能對你有用:
如何使用腳本 匯入安全性憑證的功能。
注意:要取得可用商店名稱的列表,請執行以下命令:dir cert: |選擇 - 展開商店名稱
用法範例:導入憑證 -CertFile "VeriSign_Expires-2028.08.01.cer" -StoreNames AuthRoot, Root -LocalMachine
導入憑證 -CertFile "VeriSign_Expires-2018.05.18.p12" -StoreNames AuthRoot -LocalMachine -CurrentUser -CertPassword 密碼 -Verbose
dir -路徑 C:\Certs -Filter *.cer |導入憑證 -CertFile $_ -StoreNames AuthRoot、根 -LocalMachine -Verbose
腳本本身:
#requires -Version 2.0
function Import-Certificate
{
param
(
[IO.FileInfo] $CertFile = $(throw "Paramerter -CertFile [System.IO.FileInfo] is required."),
[string[]] $StoreNames = $(throw "Paramerter -StoreNames [System.String] is required."),
[switch] $LocalMachine,
[switch] $CurrentUser,
[string] $CertPassword,
[switch] $Verbose
)
begin
{
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Security")
}
process
{
if ($Verbose)
{
$VerbosePreference = 'Continue'
}
if (-not $LocalMachine -and -not $CurrentUser)
{
Write-Warning "One or both of the following parameters are required: '-LocalMachine' '-CurrentUser'. Skipping certificate '$CertFile'."
}
try
{
if ($_)
{
$certfile = $_
}
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certfile,$CertPassword
}
catch
{
Write-Error ("Error importing '$certfile': $_ .") -ErrorAction:Continue
}
if ($cert -and $LocalMachine)
{
$StoreScope = "LocalMachine"
$StoreNames | ForEach-Object {
$StoreName = $_
if (Test-Path "cert:\$StoreScope\$StoreName")
{
try
{
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()
Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
}
catch
{
Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
}
}
else
{
Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
}
}
}
if ($cert -and $CurrentUser)
{
$StoreScope = "CurrentUser"
$StoreNames | ForEach-Object {
$StoreName = $_
if (Test-Path "cert:\$StoreScope\$StoreName")
{
try
{
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()
Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
}
catch
{
Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
}
}
else
{
Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
}
}
}
}
end
{ }
}
來源:進口證書