我想知道是否有命令可以将现有证书从一个存储复制到另一个存储。我正在尝试将证书从用户中间证书颁发机构存储 (certutils -user -store ca fqdn-HOST-CA) 复制到计算机的受信任根证书颁发机构存储 (certutils -store root fqdn-HOST-CA)。我尝试将命令与 -addstore 一起传输,但没有用!!
certutil.exe -addstore root | certutil.exe -store -user ca fqdn-HOST-CA
有什么想法吗?谢谢
答案1
我认为使用 PowerShell 可能是可行的方法。
$srcStoreScope = "CurrentUser"
$srcStoreName = "CA"
$srcStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $srcStoreName, $srcStoreScope
$srcStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$cert = $srcStore.certificates -match "sometext"
$dstStoreScope = "LocalMachine"
$dstStoreName = "root"
$dstStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $dstStoreName, $dstStoreScope
$dstStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$dstStore.Add($cert[0])
$srcStore.Close
$dstStore.Close
#Write-Output $cert