Windows
1 前言
一个问题,一篇文章,一出故事。
笔者最近新装了一台Windows 2019的系统(没有桌面),需要通过命令行导入IIS所需的证书,于是整理此文。
2 最佳实践
2.1 获取使用帮助
Get-Help Import-PfxCertificate
可见如下显示,
NAME Import-PfxCertificate SYNTAX Import-PfxCertificate [-FilePath] <string> [[-CertStoreLocation] <string>] [-Exportable] [-ProtectPrivateKey {NONE | VSM}] [-Password <securestring>] [-WhatIf] [-Confirm] [<CommonParameters>] ALIASES None REMARKS Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help. -- To download and install Help files for the module that includes this cmdlet, use Update-Help. -- To view the Help topic for this cmdlet online, type: "Get-Help Import-PfxCertificate -Online" or go to https://go.microsoft.com/fwlink/?LinkId=386826.
2.2 导入证书
2.2.1 导入到本地计算机的受信任颁发机构
cd ~ $Pwd = ConvertTo-SecureString -String "caPassword" -Force -AsPlainText Import-PfxCertificate -FilePath .\wildcard.cmdschool.org.pfx -CertStoreLocation Cert:\LocalMachine\Root -Password $Pwd
导入完成后,我们使用如下命令列出本地计算机受信任颁发机构的证书,
Get-ChildItem -Path Cert:\LocalMachine\Root\
可见如下输出,
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root Thumbprint Subject ---------- ------- #... 84DBE85C2B700AEF0D14572549739DE8F90280B2 CN=*.cmdschool.org, O=CMDSCHOOL, L=DG, C=CN #...
2.2.2 导入到本地计算机的个人证书
cd ~ $Pwd = ConvertTo-SecureString -String "caPassword" -Force -AsPlainText Import-PfxCertificate -FilePath .\wildcard.cmdschool.org.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $Pwd
2.2.3 导入到当前用户的受信任颁发机构
cd ~ $Pwd = ConvertTo-SecureString -String "caPassword" -Force -AsPlainText Import-PfxCertificate -FilePath .\wildcard.cmdschool.org.pfx -CertStoreLocation Cert:\CurrentUser\Root -Password $Pwd
2.2.4 导入到当前用户的个人证书
cd ~ $Pwd = ConvertTo-SecureString -String "caPassword" -Force -AsPlainText Import-PfxCertificate -FilePath .\wildcard.cmdschool.org.pfx -CertStoreLocation Cert:\CurrentUser\My -Password $Pwd
2.2 设置证书友好名称
(Get-ChildItem -Path Cert:\LocalMachine\Root\84DBE85C2B700AEF0D14572549739DE8F90280B2).FriendlyName = 'wildcard.cmdschool.org'
参阅文档
=====================
官方文档
————————–
https://learn.microsoft.com/en-us/powershell/module/pki/import-pfxcertificate?view=windowsserver2022-ps
https://learn.microsoft.com/zh-cn/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.3
非官方文档
———————
https://blog.51cto.com/gaowenlong/5590948
https://dscottraynsford.wordpress.com/2017/06/09/change-the-friendly-name-of-a-cert-with-powershell/
没有评论