首页 » Mircrosoft » Powershell » Powershell: 用New-SelfSignedCertificate命令创建自签名证书

Powershell: 用New-SelfSignedCertificate命令创建自签名证书

作者: lesca 分类: Powershell 发布时间: 2017-07-06 11:19 ė浏览 171 次 6没有评论

1.创建根证书

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256-KeyLength2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign -KeyUsage CertSign

2.获取证书引用(可选步骤)

将下面的THUMBPRINT替换成所需证书的“指纹”字符串,这个字符串可以从证书详细信息中找到。

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\THUMBPRINT"

具体如:

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\AED812AD883826FF7O14D1D5A77B3C08EFA79F3F"

3.用根证书签名新的客户端证书

New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

-CertStoreLocation 参数 (仅两个选项)

  • -CertStoreLocation “cert:\LocalMachine\My”
  • -CertStoreLocation “Cert:\CurrentUser\My”

Leave a Reply

Your email address will not be published. Required fields are marked *

Ɣ回顶部