我在 p7b 文件中收集了一组证书,我想根据证书模板自动将每个证书导入正确的存储区。使用脚本执行此操作的最佳方法是什么?
我尝试使用certutil -addstore root Certificate.p7b,这会将所有根 CA 正确地放入根存储中,但如果遇到任何其他类型的证书,它会返回错误。
我愿意使用批处理脚本、vbscript 或 powershell 来完成此任务。谢谢!
答案1
我使用CertMgr.exe一个简单的 bat 文件来导入证书。
certmgr.exe -add -c ca.cer -s -r localMachine root >> log.txt
certmgr.exe -add -c test.cer -s -r localMachine root >> log.txt
certmgr.exe -add -c edu.cer -s -r localMachine root >> log.txt
这是TechNet 文章其中记录了你可以用 certmgr.exe 执行哪些命令/用法
答案2
我还没有找到一个脚本来根据其模板将其导入到证书的正确存储中。我认为您自己编写了该脚本,因为它根本不存在。我确实找到了一个 PowerShell 脚本,它从目录导入证书,并且在命令中您必须自己指定正确的存储。我认为它可能对您有用:
如何使用脚本 导入安全证书的功能。
注意:要获取可用商店名称的列表,请运行以下命令:dir cert: | Select -Expand StoreNames
示例用法:Import-Certificate -CertFile "VeriSign_Expires-2028.08.01.cer" -StoreNames AuthRoot, Root -LocalMachine
导入证书-CertFile“VeriSign_Expires-2018.05.18.p12”-StoreNames AuthRoot-LocalMachine-CurrentUser-CertPassword 密码-Verbose
dir -Path C:\Certs -Filter *.cer | Import-Certificate -CertFile $_ -StoreNames AuthRoot,Root -LocalMachine -Verbose
脚本本身:
#requires -Version 2.0
function Import-Certificate
{
param
(
[IO.FileInfo] $CertFile = $(throw "Paramerter -CertFile [System.IO.FileInfo] is required."),
[string[]] $StoreNames = $(throw "Paramerter -StoreNames [System.String] is required."),
[switch] $LocalMachine,
[switch] $CurrentUser,
[string] $CertPassword,
[switch] $Verbose
)
begin
{
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Security")
}
process
{
if ($Verbose)
{
$VerbosePreference = 'Continue'
}
if (-not $LocalMachine -and -not $CurrentUser)
{
Write-Warning "One or both of the following parameters are required: '-LocalMachine' '-CurrentUser'. Skipping certificate '$CertFile'."
}
try
{
if ($_)
{
$certfile = $_
}
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certfile,$CertPassword
}
catch
{
Write-Error ("Error importing '$certfile': $_ .") -ErrorAction:Continue
}
if ($cert -and $LocalMachine)
{
$StoreScope = "LocalMachine"
$StoreNames | ForEach-Object {
$StoreName = $_
if (Test-Path "cert:\$StoreScope\$StoreName")
{
try
{
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()
Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
}
catch
{
Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
}
}
else
{
Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
}
}
}
if ($cert -and $CurrentUser)
{
$StoreScope = "CurrentUser"
$StoreNames | ForEach-Object {
$StoreName = $_
if (Test-Path "cert:\$StoreScope\$StoreName")
{
try
{
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $StoreName, $StoreScope
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()
Write-Verbose "Successfully added '$certfile' to 'cert:\$StoreScope\$StoreName'."
}
catch
{
Write-Error ("Error adding '$certfile' to 'cert:\$StoreScope\$StoreName': $_ .") -ErrorAction:Continue
}
}
else
{
Write-Warning "Certificate store '$StoreName' does not exist. Skipping..."
}
}
}
}
end
{ }
}
来源:进口证书