http - 为什么 netsh http add sslcert 从 Powershell ps1 文件中抛出错误？

Question

我正在尝试从 powershell ps1 文件中使用 netsh http 添加 sslcert，但它不断抛出错误：

$guid = [guid]::NewGuid()

netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid} 


'JABnAHUAaQBkAA' is not a valid argument for this command.
 The syntax supplied for this command is not valid. Check help for the correct syntax.

  Usage: add sslcert [ipport=]<IP Address:port>
         [certhash=]<string>
         [appid=]<GUID>
         [[certstorename=]<string>
          [verifyclientcertrevocation=]enable|disable
          [verifyrevocationwithcachedclientcertonly=]enable|disable
          [usagecheck=]enable|disable
          [revocationfreshnesstime=]<u-int>
          [urlretrievaltimeout=]<u-int>
          [sslctlidentifier=]<string>
          [sslctlstorename=]<string>
          [dsmapperusage=]enable|disable
          [clientcertnegotiation=]enable|disable]

参数：

    Tag                       Value

    ipport                  - IP address and port for the binding.
    certhash                - The SHA hash of the certificate. This hash
                              is 20 bytes long and specified as a hex
                              string.
    appid                   - GUID to identify the owning application.
    certstorename           - Store name for the certificate. Defaults
                              to MY. Certificate must be stored in the
                              local machine context.
    verifyclientcertrevocation - Turns on/off verification of revocation
                                 of client certificates.
    verifyrevocationwithcachedclientcertonly - Turns on/off usage of
                                               only cached client
                                               certificate for revocation checking.
    usagecheck              - Turns on/off usage check. Default is enabled.
    revocationfreshnesstime - Time interval to check for an updated
                              certificate revocation list (CRL). If this
                              value is 0, then the new CRL is updated
                              only if the previous one expires. (in
                              seconds)
    urlretrievaltimeout     - Timeout on attempt to retrieve certificate
                              revocation list for the remote URL.
                              (in milliseconds)
    sslctlidentifier        - List the certificate issuers that can
                              be trusted. This list can be a subset of
                              the certificate issuers that are trusted
                              by the machine.
    sslctlstorename         - Store name under LOCAL_MACHINE where
                              SslCtlIdentifier is stored.
    dsmapperusage           - Turns on/off DS mappers. Default is
                              disabled.
    clientcertnegotiation   - Turns on/off negotiation of certificate.
                              Default is disabled.

Remarks: adds a new SSL server certificate binding and corresponding client
         certificate policies for an IP address and port.

Examples:

     add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899
-AABBCCDDEEFF}

我可能是错的，但我相信这与我如何在我的 powershell 脚本文件中指定 appid GUID 有关。有人可以帮我解决错误吗？

Answer 1

Powershell 解析 cmd 命令的方式有问题。这将成功执行命令：

$guid = [guid]::NewGuid()
$Command = "http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 appid={$guid}"
$Command | netsh

Answer 2

错误的原因是大括号必须用反引号 (`) 转义。

以下命令将从 PowerShell 命令行运行：

这将在 PowerShell 命令行中起作用：

$AppId = [Guid]::NewGuid().Guid
$Hash = "209966E2BEDA57E3DB74FD4B1E7266F43EB7B56D"

netsh http add sslcert ipport=0.0.0.0:8000 certhash=$Hash appid=`{$Guid`}

重要的细节是用反引号 (`) 转义每个 { }。

如果 netsh 引发错误 87，请尝试附加 certstorename my

没有必要使用变量。它只是为了方便。

Answer 3

下面的代码将起作用，&这里用于调用带参数的程序，并"appid={$guid}"使其传递字符串值。

& netsh http add sslcert ipport=0.0.0.0:443 certhash=5758B8D8248AA8B4E91DAA46F069CC1C39ABA718 "appid={$guid}"